B2G App Security Model/Threat Model: Difference between revisions

Line 63: Line 63:
====Potential Countermeasures====
====Potential Countermeasures====
* Controls are largely the same as for vulnerable web applications - see above.
* Controls are largely the same as for vulnerable web applications - see above.
* Code Signing is an effective control here (assuming static web apps). Signing with a key not stored on the hosting server so that compromise of the server doesn’t directly result compromised phones.
* Code Signing is an effective control here (assuming that dynamic code loading and running - e.g. eval or script injection - is not permitted). Signing with a key not stored on the hosting server so that compromise of the server doesn’t directly result compromised phones.


=== App Store Compromise===
=== App Store Compromise===
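Review bot: the revised parenthetical in the Code Signing bullet is the better condition, since signing a package gives no assurance once the app can eval or inject script at run time, but both revisions keep two wording defects that should go with this edit: "doesn't directly result compromised phones" is missing "in", and "Signing with a key not stored on the hosting server so that ..." is a fragment. Suggest: "Sign with a key that is not stored on the hosting server, so that compromise of the server does not directly result in compromised phones."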