Security/Reviews/SimplePush: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 19: Line 19:
2. The version of this channelID is stored on the PushServer
2. The version of this channelID is stored on the PushServer
3.  The user-agent calls /v1/update to retrieve a list of all registered  all channels and all known versions (for this particular user-agent-id)
3.  The user-agent calls /v1/update to retrieve a list of all registered  all channels and all known versions (for this particular user-agent-id)
 
|SecReview threat brainstorming=1. Spoof a message from the Application Server to the client
Is  this correct: There is no authentication of the App Server, however the  ChannelIDs are designed to be large and random enough to make it  impossible to guess, bruteforce or accidentally send data to a channel  without prior knowledge of the channelID
Yes this is correct
2. Interception of messages in transit
Data  involved is low risk, and can be secured by use of channel security ?  Are we using TLS? Seems like we must otherwise anyone able to view  message could spoof changes to version numbers ... more information  needed...
"Version"  is probably a bad term. Really, this is an ETag. If SimplePush gets a  value different than the one it had, it triggers an update request to  the client. (The term "Version" comes from the original source paper for  Google Thailfi.) If the message is intercepted, the bad guy gets a  random number.
Well I wouldn't say it is an E-Tag, the application might be using sequentially increasing integers as version numbers.
* we will only accept 64-bit integers as versions
3. PushServer DoS?
This  is a more valid concern. A UAID+CHID pair aren't considered valid until  there's some traffic, and invalid pairs are cleaned up using garbage  collection. High numbers of registrations from a single IP are also  warning signs, but can be throttled back by the server.
4. Disclosure of channel URL
}}
}}
{{SecReviewActionStatus
{{SecReviewActionStatus
|SecReview action item status=None
|SecReview action item status=In Progress
|SecReview action items=* Who :: What :: By when (Keep in mind all these things will be bugs that block the review bug, that blocks the feature bug)
pauljt
pauljt::Web App Test of Server Component:: when we can.
pauljt::Web App Test of Telefonica Component:: ASAP
Jlebar::Review notification telefonica server:: ASAP
}}
}}
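Review bot: Threat item 4 ("Disclosure of channel URL") is added with no assessment, and the "Are we using TLS?" question under item 2 is left unanswered. Neither is tracked in the new action items. Item 1 relies entirely on the channelID being unguessable, since the App Server is not authenticated, so a disclosed channel URL is exactly the case that defeats that control. Suggest filling in item 4 or marking it open, recording the TLS decision under item 2, and adding an action item for each. Two smaller points: the bare "pauljt" line does not follow the "Who :: What :: By when" format given just above it and looks like a leftover, and "Thailfi" in item 2 should read "Thialfi".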