canmove, Confirmed users
1,537
edits
Privacy/Reviews/F1A: Difference between revisions
→Credentials
| Line 395: | Line 395: | ||
''The Risk'' is that these credentials might be leaked across third parties or to other users of the system. | ''The Risk'' is that these credentials might be leaked across third parties or to other users of the system. | ||
''Requirement:'' These credentials are stored by the 3rd party webapp components who use them and only those components (and the browser, extended by the Share Mediator Component) should be able to touch them. Any non-oauth credentials should be stored in the password database and, when possible, encrypted using the browser's master password. | ''Requirement:'' These credentials are stored by the 3rd party webapp components who use them and only those components (and the browser, extended by the Share Mediator Component) should be able to touch them. Any non-oauth credentials should be stored in the password database (not localstorage) and, when possible, encrypted using the browser's master password. | ||
{{ResolutionBox|{{new|}}}} | {{ResolutionBox|{{new|the apps shipping with F1A use cookies and the usual HTML mechanisms for authentication.}}}} | ||
== Clearing Private Data == | == Clearing Private Data == | ||