Closed
Bug 1060168
Opened 10 years ago
Closed 10 years ago
[RPP] remove the password from the DB
Categories
(Firefox OS Graveyard :: Gaia, defect)
Tracking
(feature-b2g:2.2+)
RESOLVED
FIXED
feature-b2g | 2.2+ |
People
(Reporter: marta, Assigned: agnieszka.baranowska)
References
Details
(Keywords: privacy)
Attachments
(1 file)
Once Location/Lock/Remote Wipe Remove password from the database. Make sure the “first time use” launches next time the privacy panel is opened.
Summary: RPP: remove the password from the DB → [RPP] remove the password from the DB
QA Whiteboard: STATUS: implementation work → STATUS: not started
Assignee | ||
Comment 1•10 years ago
|
||
Password should be removed from the database at the moment when an SMS listener receives an SMS and detects the SMS as FmD SMS.
Marta, please confirm.
Assignee | ||
Comment 2•10 years ago
|
||
Does it mean that user will have only single opportunity to send FmD SMS?
If we have 'hide FmD SMS' functionality, it won't be necessary remove password, yes?
Marta, please answer.
No. The password should be removed once the user gets the phone back and unlocks it. Exemplary workflow:
1. I lost my device and need to locate it
2. I send an SMS to my number from friends phone
3. My phone activates the "locate_me(function) and sends back to my friends phone SMS with the GPS coordinates.
Also my phone locks itself.
4. I go to the location and find my device.
5. I unlock my phone
6. The password is removed from the DB and app asks to set a new password.
We need to do that for locating, wiping and locking the device. The password should be reset after the phone is unlocked, not once it receives the SMS. We need to do it anyway, cause even hidden SMS can be resent later on by the person who's phone was used earlier.
Assignee | ||
Comment 4•10 years ago
|
||
Should it (resetting password) be automatic or manual process? Because if manual process is enough, there is such functionality already designed. I mean this link 'Forgot/change your pass phrase?' below input to enter password. I mentioned about it in comment to 'Bug 1060157 - [RPP] Main panel' (https://bugzilla.mozilla.org/show_bug.cgi?id=1060157#c4).
It should happen automatically. We cannot relay on the user to remember to reset his password. Possibility of resending a message with the already used password and activating the command again has too high security impact. The phone should not allow for any further usage of the functionality (go back to the "factory mode" of that app) once the functionality has been activated and later deactivated.
QA Whiteboard: STATUS: not started → STATUS: implementation work
Assignee | ||
Comment 6•10 years ago
|
||
QA Whiteboard: STATUS: implementation work → STATUS: ready for review
Priority: P3 → --
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
feature-b2g: --- → 2.2+
You need to log in
before you can comment on or make changes to this bug.
Description
•