I think it has been said before that the extra security being discussed is only 
required for apps that have been granted privileges (permissions).  I'm not 
sure if it should be only "super sensitive permissions" or any permissions 
granted automatically.  As I've said, if a permission isn't a risk to the user, 
why is it a permission?

I'm not sure that requiring SSL for any app delivery is necessarily a bad 
thing.  That seems a pretty low bar for developers to support and provides SOME 
protection.

As for the trust level, I feel it is a multi-part trust.  The user is trusting 
the developer to not produce malicious code and the store to vet that the 
developer has not produced malicious code.  This gives the user more confidence 
that more people have looked at the app before they install it.  That way, if 
anyone in the chain finds something unacceptable, it doesn't get through.  
Yes, collusion can occur, but that is a more difficult proposition for someone 
intent on causing trouble.

On Mar 22, 2012, at 11:54 AM, Ben Francis wrote:

> On Thu, Mar 22, 2012 at 3:12 PM, ptheriault <ptheria...@mozilla.com> wrote:
> 
>> Maybe I am wrong, but are not all offline web apps static web apps?
>> 
> 
> I see your point but there's currently no requirement for *all* of the
> remote resources of a web app that works offline to be static and cached
> locally. Only the ones listed in the appcache manifest which can provide a
> subset of functionality when operating offline, and which themselves can be
> updated whenever the appcache manifest is updated.
> 
> 
>> My assumption was since the apps which require critical permissions are
>> typically those which would need to be offline applications, and therefore
>> the restriction wasn't a large one.
>> 
> 
> It depends on how many permissions you extend this policy to.
> 
> Although it would be a shame, I can understand if all four of the
> restrictions you mention are applied to a small number of super sensitive
> permissions (though I still think the user should have the power to
> override this if they want). But to require that all apps are served over
> SSL and are completely static (as I think you were proposing) seems
> unnecessarily limiting.
> 
>> If the app is served dynamically, what sort of controls would you propose
>> to mitigate the threats of server compromise, loading unsafe code and web
>> application vulnerabilities?
>> 
> 
> I'm sorry I don't have any technical solutions for this problem, only
> non-technical ones which have already been discussed. But fundamentally I
> think the user is expressing trust in the app developer who is hosting the
> app, not the store which just listed it and provided ratings.
> 
> Ben
> 
> -- 
> Ben Francis
> http://tola.me.uk
> _______________________________________________
> dev-webapps mailing list
> dev-weba...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-webapps

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security