Security/WebAPI/Socket API: Difference between revisions

Revision as of 04:27, 21 May 2012

Please use "Edit with form" above to edit this page.

Socket API
Project Page	https://bugzilla.mozilla.org/show_bug.cgi?id=733573
Next Milestone	`
Security Resource	`

{{#set:Component=Socket API |Project=https://bugzilla.mozilla.org/show_bug.cgi?id=733573 |Milestone=` |Resource=` }}

Status:	OK
Securtiy Approved for Beta Launch?:	No
Data Flow Diagram:	`
Threat Model:	`
Bugs:	`
Security Review:	`
Final Security Approval:	no

{{#set:Sectrackerstatus=OK |Simpyn=No |DFD=` |TM=` |bugs=` |Secreview=` |SecTrackerFSA=no }}

Goals Expose Socket API so that Web Apps can connect to services requiring such access (e.g. SMTP Web App)

Articles:

Source:

Could any security restrictions be applied to mitigate security risk? E.g. we could prevent localhost connections - but this might prevent a valid use case.
(out of scope but important) How will credentials be stored (assuming that apps making connections will need credentials to make secure connections)

@@ Line 13: / Line 13: @@
 Goals
 Expose Socket API so that Web Apps can connect to services requiring such access (e.g. SMTP Web App)
-Bug:
+TCP Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=733573
-https://bugzilla.mozilla.org/show_bug.cgi?id=733573
+UDP bug: https://bugzilla.mozilla.org/show_bug.cgi?id=745283
 Articles:
@@ Line 22: / Line 22: @@
 ===Open Questions===
+* Could any security restrictions be applied to mitigate security risk? E.g. we could prevent localhost connections -  but this might prevent a valid use case.
+* (out of scope but important) How will credentials be stored (assuming that apps making connections will need credentials to make secure connections)
 ===Threat Model===