Confirmed users
2,615
edits
User:Dmose:Protocol Handler Security Review: Difference between revisions
User:Dmose:Protocol Handler Security Review (view source)
Revision as of 02:30, 2 November 2007
, 2 November 2007→Security and Privacy
| Line 68: | Line 68: | ||
***** unclear how much a warning dialog helps anyway | ***** unclear how much a warning dialog helps anyway | ||
*** non-SSL handlers in combination with DNS MiTM attacks (eg bogus Wifi APs) | *** non-SSL handlers in combination with DNS MiTM attacks (eg bogus Wifi APs) | ||
**** a problem, but not of the magnitude of add-on downloads, because this code doesn't execute locally with privs. Decided to continue to allow sites to determine | **** a problem, but not of the magnitude of add-on downloads, because this code doesn't execute locally with privs. Decided to continue to allow handler sites to determine whether or not to require SSL. | ||
** Misc | ** Misc | ||
*** figure out what URI schemes are acceptable for both source and target | *** figure out what URI schemes are acceptable for both source and target | ||
== Exported APIs == | == Exported APIs == | ||