WebAPI/Security/TCPSocket: Difference between revisions

Jump to navigation Jump to search

WebAPI/Security/TCPSocket (view source)

Revision as of 03:51, 19 June 2012

7 bytes added ,  19 June 2012
no edit summary
No edit summary
Line 16: Line 16:


== Trusted (authenticated by publisher) ==
== Trusted (authenticated by publisher) ==
Use cases for authenticated code: Talk to non-HTTP services.  SSH, FTP, mail clients, supporting custom protocols
*Use cases for authenticated code: Talk to non-HTTP services.  SSH, FTP, mail clients, supporting custom protocols
Use cases for trusted code: Implicit
*Use cases for trusted code: Implicit
Potential mitigations: Firewall should prohibit access to privileged low number OS ports (<1024).  Listening on a port < 1024 should be prohibited.
*Potential mitigations: Firewall should prohibit access to privileged low number OS ports (<1024).  Listening on a port < 1024 should be prohibited.
Specify hosts/ports in the manifest, permissions granted implicitly. user can modify permissions? User prompted on first run?  
*Specify hosts/ports in the manifest, permissions granted implicitly. user can modify permissions? User prompted on first run?  


== Certified (vouched for by trusted 3rd party) ==
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code:  Open a connection to any domain/port
*Use cases for certified code:  Open a connection to any domain/port
Authorization model: Implicit
*Authorization model: Implicit
Potential mitigations: specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode)
*Potential mitigations: specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode)
Ptheriault
canmove, Confirmed users
1,220

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/442658"

Navigation menu