On Thu, Mar 22, 2012 at 1:50 AM, ptheriault <ptheria...@mozilla.com> wrote:

> To me these controls are not mutually exclusive, but rather a series of
> controls that provide mitigations against slightly different threats.
>
> 1. Require the app host to have SSL?
> 2. Require the app to be static HTML/JS/CSS (and prevent loading of
> dynamic code)?
> 3. Require the app to be hosted on a Trusted App Host (i.e. under the
> stores control, or a trusted third party)?
> 4. Require code to be signed?
>
> These all mitigate different threats:
>
> - SSL mitigates network compromise
> - Static apps are easier to review (reduce chance of vulnerable or
> malicious code)
> - Deploying from a trusted location (in theory) reduces the risk of changed
> code due to app host compromise
> - Code signing (with effective key management) prevents static code from
> being modified on the app host, network or device itself
>
> Perhaps I am oversimplifying here, but to me it's more a case of what
> security features we are going to support in B2G. I think that 1 & 2 are
> mandatory:
>

Really? I thought that the whole point of Open Web Apps was that anyone can
host their own web app on their own web server, then allow their app to be
installed either directly from their own server or from a listing on
multiple competing app stores, not host the app on one store's trusted
server.

I understand this makes security very challenging, but how is what you
describe better than the status quo?

Also, how many existing web apps have static HTML, CSS and JavaScript in
practice?

Ben

-- 
Ben Francis
http://tola.me.uk
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
