Closed Bug 867717 Opened 11 years ago Closed 11 years ago

Review of login.webmaker.org on staging environment

Categories

(mozilla.org :: Security Assurance: Review Request, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: boozeniges, Assigned: freddy)

Details

(Whiteboard: [login.wm.o] [completed secreview][Web][score:low] u= c= p=1 s=sprint 2)

In the Mozilla Foundation we're working on a system that piggybacks on top of Persona to provide a single sign-on service for our webmaker tools and sites.

We've done a few initial security code reviews on our GitHub repo at https://github.com/mozilla/login.webmaker.org but we've not got it staged so some more tests can be done!

http://webmaker.mofostaging.net/ - there isn't much of a site there yet, but the login works :)

Any problems/questions please let me know, 

Ross
Whiteboard: [login.wm.o] c=login
Assignee: mgoodwin → nobody
OS: Mac OS X → All
Hardware: x86 → All
Whiteboard: [login.wm.o] c=login → [login.wm.o] c=login [triage needed]
Assignee: nobody → fbraun
Whiteboard: [login.wm.o] c=login [triage needed] → [login.wm.o] c=login [pending secreview]
!!! This app is currently going under a bit of a re-write. Don't review what we currently have up on staging !!!

Will update when it's redone and re-staged.

Sorry for the changes.
OK, I will defer the review until you are done. Please address the review questions as mentioned in https://wiki.mozilla.org/WebAppSec/Security_Review_Request#Questions_to_Address_within_Request_Body and needinfo?/secreview? me when you want me to start.
Status: NEW → UNCONFIRMED
Ever confirmed: false
Whiteboard: [login.wm.o] c=login [pending secreview] → [login.wm.o] c=login [pending secreview][Web]
What's the status on your rewrite, Ross?
Flags: needinfo?(rossbruniges)
Heya :freddyb, 

I thought that there was an additional ticket opened up for review of this app. It's now live (can be seen in webmaker.org).

I've also left Mozilla now so probably best to check in with Dave Humphrey (:humph) in regard to the status and want of any sec reviews...
Flags: needinfo?(rossbruniges)
Well, has this been covered as part of another review?
Flags: needinfo?(david.humphrey)
Well, has this been covered as part of another review?

(I probably needinfo'd the wrong person)
Flags: needinfo?(david.humphrey) → needinfo?(rossbruniges)
Whiteboard: [login.wm.o] c=login [pending secreview][Web] → [login.wm.o] c=login [pending secreview][Web][score:low]
Whiteboard: [login.wm.o] c=login [pending secreview][Web][score:low] → [login.wm.o] c=login [pending secreview][Web][score:low] u= c= p=1 s=ready
Whiteboard: [login.wm.o] c=login [pending secreview][Web][score:low] u= c= p=1 s=ready → [login.wm.o] [pending secreview][Web][score:low] u= c= p=1 s=ready
Whiteboard: [login.wm.o] [pending secreview][Web][score:low] u= c= p=1 s=ready → [login.wm.o] [pending secreview][Web][score:low] u= c= p=1 s=sprint 2
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Flags: needinfo?(rossbruniges)
Resolution: --- → FIXED
Whiteboard: [login.wm.o] [pending secreview][Web][score:low] u= c= p=1 s=sprint 2 → [login.wm.o] [completed secreview][Web][score:low] u= c= p=1 s=sprint 2