MozillaWiki

Extension Manager:Addon Update Security: Difference between revisions

Page Discussion

Extension Manager:Addon Update Security (view source)

Revision as of 14:18, 19 July 2007

225 bytes removed ,  19 July 2007
→‎Securing Update Manifests Through Digital Signatures
Line 59: Line 59:


If the digital signature suggests that the update manifest has been tampered with then the entire update manifest is ignored and the update check is taken to have failed. It should be noted that this will occur even if the update manifest was delivered over an SSL connection. The failure will appear to the user as a general error with the update manifest. Add-on authors will be able to get more detailed information by enabling the extension manager logging.
If the digital signature suggests that the update manifest has been tampered with then the entire update manifest is ignored and the update check is taken to have failed. It should be noted that this will occur even if the update manifest was delivered over an SSL connection. The failure will appear to the user as a general error with the update manifest. Add-on authors will be able to get more detailed information by enabling the extension manager logging.
* What do we do if we have no public key and the update manifest has a signature and it was delivered over SSL?
* What do we do if we have a public key and the update manifest has no signature but it was delivered over SSL


=== Ensuring Update Package Security ===
=== Ensuring Update Package Security ===
Mossop
canmove, Confirmed users
1,570

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/62755"