Apps/SecurityDetails: Difference between revisions

m
Added link for CSP
(Minor changes to sentence structure; added picture to explain the sandbox model)
m (Added link for CSP)
Line 222: Line 222:
* The app will have to be reviewed by the store. Including reviewing all of the code that makes up the app.
* The app will have to be reviewed by the store. Including reviewing all of the code that makes up the app.
* The app will be signed by the store to ensure that hacking the store website doesn't allow a hacker to install arbitrary content on users devices.
* The app will be signed by the store to ensure that hacking the store website doesn't allow a hacker to install arbitrary content on users devices.
* The app will use a CSP policy to harden the app itself against bugs which would allow an attacker to inject code into the app. This will also make reviewing the app easier.
* The app will use a [https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html CSP] policy to harden the app itself against bugs which would allow an attacker to inject code into the app. This will also make reviewing the app easier.


=== App Review ===
=== App Review ===
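Review bot: the CSP link added to the third bullet targets the repository tip of the editor's draft (`raw-file/tip/csp-specification.dev.html`), a moving document, so the text behind the link can drift away from the policy behaviour this page describes. Link a dated or published version of the specification instead, or state next to the link which draft the app's CSP policy follows.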