Confirmed users
717
edits
WebAPI/Security/Contacts: Difference between revisions
Jump to navigation
Jump to search
m
no edit summary
mNo edit summary |
|||
| Line 1: | Line 1: | ||
Name of API: Contacts API | |||
Reference:https://wiki.mozilla.org/WebAPI/ContactsAPI | Reference:https://wiki.mozilla.org/WebAPI/ContactsAPI | ||
Brief purpose of API: Access to users contacts. | Brief purpose of API: Access to users contacts. | ||
| Line 12: | Line 14: | ||
Threat severity: high | Threat severity: high | ||
== Regular web content (unauthenticated) == | |||
Use cases for unauthenticated code: Mediated access to specific (user selected) contact | Use cases for unauthenticated code: Mediated access to specific (user selected) contact | ||
information | information | ||
| Line 25: | Line 27: | ||
* API provides a local identifier instead of the actual contact information | * API provides a local identifier instead of the actual contact information | ||
== Trusted (authenticated by publisher) == | |||
Use cases for authenticated code: Create, read or edit contact information | Use cases for authenticated code: Create, read or edit contact information | ||
| Line 34: | Line 36: | ||
* Have separate permissions read,create or update/delete? (assuming that many apps only want read, and could use web activities to create a contact if necessary?) | * Have separate permissions read,create or update/delete? (assuming that many apps only want read, and could use web activities to create a contact if necessary?) | ||
== Certified (vouched for by trusted 3rd party) == | |||
Use cases for certified code: Create, read or edit contact information | Use cases for certified code: Create, read or edit contact information | ||