Closed Bug 1185843 Opened 10 years ago Closed 7 years ago

[Find My Device] prevent server side misuse

Categories

(Firefox OS Graveyard :: FindMyDevice, defect)

Product:
Firefox OS Graveyard
Component:
FindMyDevice
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: ddan.dcaju, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0 Build ID: 20150702232110
In the current configuration the server has the same capabilities as the client. If someone compromises your servers(most likely the government of the country you are hosted in) they would be able to locate the individuals device or do any remote managment operation that is or will be suported. A solution would be to use the server as a proxy and encript the comunication between the client and the device so that the server(or anyone in between) is not able to intercept the connection. The protocol could be based on http with an encripted payload that only the device or computer is capable of decripting. The encription algorithm could be rsa and we could authenticate and manage keys using gpg
Firefox OS is not being worked on
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.