On 16/03/12 04:27, Lucas Adamski wrote:
> Gaia app: consists of a1, b1, c1. A typical local app, with a static
> codebase that is installed once, authenticated by a code signature
> and prohibited from dynamically loading additional code.

So no remote request for JS? No eval and friends? Do we use CSP or
similar to enforce that?

> Granted significant privileges in return. Origin of these apps is
> probably restricted to a small set of app stores as defined by OS
> configuration.

An extensible set, presumably?

> Explicit update process.

Maybe this is a side question, but: would there be an "allow this app to
auto-update", like on Android, or at least CyanogenMod?

Certainly, app updates are a pain on Android - it nags me if I ignore
them, and if I accept them, it nags me about different ones tomorrow.
I'd love a "Yeah, whatever" setting which did auto-updates for all apps
which don't request new permissions.

> B2G app: a2, b2, c2. Remotely hosted but locally cached, identified by
> a manifest. Appears to user as a local app. Codebase restricted to
> a single origin, requires HSTS for authentication. All code (JS,
> HTML, CSS) must be loaded from this origin.

Is the chosen origin defined in the manifest?

How do we validate origins? The Public Suffix List?

If my app comes from foo.bar.com, is the origin automatically
foo.bar.com, or can the app request that the origin be bar.com?

Gerv
_______________________________________________
dev-security mailing list
https://lists.mozilla.org/listinfo/dev-security
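
An added example, not part of the original message and not B2G code: one way the two origin questions above could be checked, namely that every code resource loads from the app's single HTTPS origin, and that a requested wider origin (bar.com for an app served from foo.bar.com) never reaches past the registrable domain given by the Public Suffix List. The function names, the sample suffix set and the widening policy itself are assumptions made for illustration.

```javascript
// Constructed, tiny stand-in for the Public Suffix List (no wildcard or
// exception rules); a real check would load the full published list.
const SAMPLE_SUFFIXES = new Set(["com", "org", "co.uk", "github.io"]);

// Registrable domain = public suffix plus one label. Returns null when the
// host is itself a public suffix or is not covered by the sample list.
function registrableDomain(host, suffixes = SAMPLE_SUFFIXES) {
  const labels = host.toLowerCase().split(".");
  // Start from the longest candidate so "co.uk" is matched before "uk".
  for (let i = 0; i < labels.length; i++) {
    if (suffixes.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// Hypothetical policy: an app served from servedHost may claim requestedHost
// only if it is the serving host or a parent of it, and is no wider than the
// registrable domain (so never a public suffix such as "com" or "github.io").
function mayClaimOrigin(servedHost, requestedHost, suffixes = SAMPLE_SUFFIXES) {
  const served = servedHost.toLowerCase();
  const requested = requestedHost.toLowerCase();
  const reg = registrableDomain(served, suffixes);
  if (reg === null) return false;
  if (requested === served) return true;
  const isParent = served.endsWith("." + requested);
  const withinReg = requested === reg || requested.endsWith("." + reg);
  return isParent && withinReg;
}

// Return the resources that break "all code from this origin": anything that
// is not HTTPS or whose origin differs from the app's declared origin.
function offOriginResources(appOrigin, resourceUrls) {
  const expected = new URL(appOrigin).origin;
  return resourceUrls.filter((u) => {
    const url = new URL(u, expected); // relative paths resolve to the app origin
    return url.protocol !== "https:" || url.origin !== expected;
  });
}

// Constructed sample input.
console.log(mayClaimOrigin("foo.bar.com", "bar.com"));
console.log(offOriginResources("https://foo.bar.com",
  ["/js/app.js", "https://cdn.example.org/lib.js"]));
```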