canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/Reviews/NotificationsBackend: Difference between revisions
Jump to navigation
Jump to search
Security/Reviews/NotificationsBackend (view source)
Revision as of 22:00, 15 June 2012
, 15 June 2012no edit summary
No edit summary |
No edit summary |
||
| Line 14: | Line 14: | ||
|SecReview feature goal=* Provide a semi-anonymous method for a site to send a brief message to an interested user via any registered Agent acting on behalf of the user. | |SecReview feature goal=* Provide a semi-anonymous method for a site to send a brief message to an interested user via any registered Agent acting on behalf of the user. | ||
|SecReview alt solutions=* There are several methods that this could be achieved including a permanent websocket, IM protocol (e.g. XMPP), hidden iframe, etc. | |SecReview alt solutions=* There are several methods that this could be achieved including a permanent websocket, IM protocol (e.g. XMPP), hidden iframe, etc. | ||
|SecReview solution chosen=* This method was the easiest for 3rd party sites to implement as well as provided the most control and privacy to the user. | |||
|SecReview solution chosen=* This method was the easiest for 3rd party sites to implement as well as provided the most control and privacy to the user. | |||
|SecReview threats considered=* Spam: remote site could attempt to send spam messages to randomly chosen URLs | |SecReview threats considered=* Spam: remote site could attempt to send spam messages to randomly chosen URLs | ||
** URL namespace is 256bit random, making it very large with a low chance of success | ** URL namespace is 256bit random, making it very large with a low chance of success | ||
| Line 40: | Line 38: | ||
{{SecReviewActionStatus | {{SecReviewActionStatus | ||
|SecReview action item status=In Progress | |SecReview action item status=In Progress | ||
|SecReview action items= | |SecReview action items=<table border="1"> | ||
<tr> | |||
<td>Who</td> | |||
<td>bug</td> | |||
<td>Action</td> | |||
<td>By When</td> | |||
<td>Completed date | |||
{{new|new}} | |||
{{done|Done}} | |||
{{miss|Miss}} | |||
</td> | |||
</tr> | |||
<tr> | |||
<td>dchan </td> | |||
<td>{{bug|765378}} </td> | |||
<td>are websockets torn down when going to privacy mode?</td> | |||
<td>6/21 </td> | |||
<td>{{new|new}} </td> | |||
</tr> | |||
<tr> | |||
<td>dchan </td> | |||
<td>{{bug|765383}} </td> | |||
<td>are iframes allowed to generate notifications doorhangars? Should follow same model as geolocation. </td> | |||
<td>6/21 </td> | |||
<td>{{new|new}} </td> | |||
</tr> | |||
<tr> | |||
<td>dchan </td> | |||
<td>{{bug|765384}} </td> | |||
<td>testing for notifications </td> | |||
<td> </td> | |||
<td>{{new|new}} </td> | |||
</tr> | |||
<tr> | |||
<td>dchan </td> | |||
<td>{{bug|765385}} </td> | |||
<td>follow up with jonas on b2g apps wants to listen for notifications from their domain </td> | |||
<td>6/21 </td> | |||
<td>{{new|new}} </td> | |||
</tr> | |||
</table> | |||
<bugzilla> | |||
{ | |||
"id":" 765378,765383,765384,765385" | |||
} | |||
</bugzilla> | |||
}} | }} | ||
Notifications let websites send small messages (<1024 bytes) to users without | Notifications let websites send small messages (<1024 bytes) to users without | ||