Security/Reviews/TCPSocket: Difference between revisions

Security/Reviews/TCPSocket (view source)

375 bytes added , 12 June 2012

no edit summary

canmove, Confirmed users, Bureaucrats and Sysops emeriti

2,776

edits

@@ Line 39: / Line 39: @@
 **  Trusted model: specify hosts/ports in the manifest, permissions granted  implicity. user can modify permissions? User prompted on first run?
 *  (out of scope but important)  How will credentials be stored (assuming  that apps making connections  will need credentials to make secure  connections)
-|SecReview threats considered=
 |SecReview threat brainstorming=** Malicious website uses API to connect to internal resource
 ** Increased port scanning capability
@@ Line 49: / Line 47: @@
 {{SecReviewActionStatus
 |SecReview action item status=In Progress
-|SecReview action items=* Investigate restriction options - maybe via CSP. (nsiContentPolicy check)
+|SecReview action items=<table border="1">
-* Investigate whether to handle cert errors in app or in a b2g system component
+<tr>
+	<td>Who</td>
+	<td>bug</td>
+	<td>Action</td>
+	<td>By When</td>
+	<td>Completed date
+		{{new|new}}
+		{{done|Done}}
+		{{miss|Miss}}
+	</td>
+</tr>
+<tr>
+	<td>pauljt </td>
+	<td>763930</td>
+	<td>Investigate restriction options - maybe via CSP. (nsiContentPolicy check)</td>
+	<td>TBD </td>
+	<td>{{new|new}} </td>
+</tr>
+<tr>
+	<td>pauljt </td>
+	<td>763931</td>
+	<td>Investigate whether to handle cert errors in app or in a b2g system component</td>
+	<td>TBD </td>
+	<td>{{new|new}} </td>
+</tr>
+</table>
+<bugzilla>
+{
+"id":"763930,763931"
+}
+</bugzilla>
 }}