Closed Bug 1060168 Opened 10 years ago Closed 10 years ago

[RPP] remove the password from the DB

Categories

(Firefox OS Graveyard :: Gaia, defect)

Product:
Firefox OS Graveyard
Component:
Gaia
Platform:
All
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(feature-b2g:2.2+)

Status:
RESOLVED FIXED
Project Flags:
feature-b2g 2.2+

People

(Reporter: marta, Assigned: agnieszka.baranowska)

References

Details

(Keywords: privacy)

Attachments

(1 file)

https://github.com/mozilla-b2g/gaia/pull/23907
46 bytes, text/x-github-pull-request
Details | Review 
Once Location/Lock/Remote Wipe Remove password from the database. Make sure the “first time use” launches next time the privacy panel is opened.
Assignee: nobody → marta
Summary: RPP: remove the password from the DB → [RPP] remove the password from the DB
Keywords: privacy
OS: Linux → Gonk (Firefox OS)
Hardware: x86_64 → All
QA Whiteboard: STATUS: implementation work
Priority: -- → P3
QA Whiteboard: STATUS: implementation work → STATUS: not started
Password should be removed from the database at the moment when an SMS listener receives an SMS and detects the SMS as FmD SMS.

Marta, please confirm.
Does it mean that user will have only single opportunity to send FmD SMS?
If we have 'hide FmD SMS' functionality, it won't be necessary remove password, yes?

Marta, please answer.
No. The password should be removed once the user gets the phone back and unlocks it. Exemplary workflow:
1. I lost my device and need to locate it
2. I send an SMS to my number from friends phone
3. My phone activates the "locate_me(function) and sends back to my friends phone SMS with the GPS coordinates.
Also my phone locks itself.
4. I go to the location and find my device. 
5. I unlock my phone
6. The password is removed from the DB and app asks to set a new password.

We need to do that for locating, wiping and locking the device. The password should be reset after the phone is unlocked, not once it receives the SMS. We need to do it anyway, cause even hidden SMS can be resent later on by the person who's phone was used earlier.
Assignee: marta → agnieszka.baranowska
Should it (resetting password) be automatic or manual process? Because if manual process is enough, there is such functionality already designed. I mean this link 'Forgot/change your pass phrase?' below input to enter password. I mentioned about it in comment to 'Bug 1060157 - [RPP] Main panel' (https://bugzilla.mozilla.org/show_bug.cgi?id=1060157#c4).
It should happen automatically. We cannot relay on the user to remember to reset his password. Possibility of resending a message with the already used password and activating the command again has too high security impact. The phone should not allow for any further usage of the functionality (go back to the "factory mode" of that app) once the functionality has been activated and later deactivated.
QA Whiteboard: STATUS: not started → STATUS: implementation work
QA Whiteboard: STATUS: implementation work → STATUS: ready for review
Priority: P3 → --
Blocks: 1069915
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
feature-b2g: --- → 2.2+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: