Security/WebAPI/Socket API: Difference between revisions
Revision by Ptheriault (talk | contribs), no edit summary. (2 intermediate revisions by one other user not shown.)
Latest revision as of 16:57, 1 October 2014
Project Info
- Project: Socket API
- Project Page: https://bugzilla.mozilla.org/show_bug.cgi?id=733573
- Next Milestone: (empty)
- Security Resource: (empty)
Security Information
- Status: OK
- Security Approved for Beta Launch?: No
- Data Flow Diagram: (empty)
- Threat Model: (empty)
- Bugs: (empty)
- Security Review: (empty)
- Final Security Approval: no
Background
Goals
Expose the Socket API so that Web Apps can connect to services requiring such access (e.g. an SMTP Web App).
- TCP Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=733573
- UDP bug: https://bugzilla.mozilla.org/show_bug.cgi?id=745283
Articles:
Source:
Open Questions
- Could any security restrictions be applied to mitigate security risk? E.g. we could prevent localhost connections, but this might prevent a valid use case.
- (Out of scope but important) How will credentials be stored, assuming that apps making connections will need credentials to make secure connections?
- Will this API only be available to B2G? (I assume not, but how will the trust model work then?)
Threat Model
The following threats have been considered:
- Malicious website uses API to connect to internal resource
- Increased port scanning capability
- Data exfiltration
- Connection to local device
Authorization Model
For B2G:
- This will only be available to trusted web apps.
- B2G trusted apps are cached on the phone, code is not loaded dynamically.
- App must request socket permission in the manifest.
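The authorization model above (trusted app plus a manifest permission) and the open question about restricting localhost connections can be expressed as a single policy gate. The following is an added example, not Mozilla's or B2G's code: the app and policy field names are assumptions, while the manifest permission name "tcp-socket" is the one Firefox OS used. It generalizes the localhost idea to loopback, private and link-local destinations, and keeps the restriction switchable so the valid use case the page mentions is not lost.

```javascript
// Added example (not Mozilla's code): a policy gate modelling the B2G
// authorization model (trusted app + manifest permission) together with
// the destination restriction raised in the open questions.
// App/policy field names are assumed; "tcp-socket" is the Firefox OS
// manifest permission name.

// Classify an IPv4 literal. Returns "loopback", "private", "link-local",
// "public", or null when the string is not a valid dotted-quad address.
function classifyIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  if (o[0] === 127) return "loopback";
  if (o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
      (o[0] === 192 && o[1] === 168)) return "private";
  if (o[0] === 169 && o[1] === 254) return "link-local";
  return "public";
}

// Decide whether `app` may open a TCP socket to resolvedHost:port.
// `resolvedHost` must be the address the connection will actually use;
// checking only the hostname the app supplied would let a name that
// resolves to 127.0.0.1 slip past the internal-network restriction.
function authorizeSocketOpen(app, resolvedHost, port, policy) {
  if (!app.trusted) return { allowed: false, reason: "app is not trusted" };
  if (!(app.permissions && "tcp-socket" in app.permissions))
    return { allowed: false, reason: "tcp-socket not requested in manifest" };
  const kind = classifyIPv4(resolvedHost);
  if (kind === null) return { allowed: false, reason: "unresolved host" };
  if (policy.blockInternal && kind !== "public")
    return { allowed: false, reason: "destination is " + kind };
  if (!Number.isInteger(port) || port < 1 || port > 65535)
    return { allowed: false, reason: "invalid port" };
  return { allowed: true, reason: "ok" };
}

// Constructed sample apps: a trusted mail app and an untrusted web page.
const smtpApp = { name: "mail", trusted: true, permissions: { "tcp-socket": {} } };
const webPage = { name: "site", trusted: false, permissions: {} };
const strict = { blockInternal: true };
console.log(authorizeSocketOpen(smtpApp, "198.51.100.25", 587, strict));
console.log(authorizeSocketOpen(smtpApp, "127.0.0.1", 25, strict));
console.log(authorizeSocketOpen(webPage, "198.51.100.25", 587, strict));
```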