Closed Bug 334575 Opened 18 years ago Closed 18 years ago

protection should have a config flag to enable/disable building

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: tony, Assigned: tony)

Details

(Keywords: fixed1.8.1)

Attachments

(1 file, 1 obsolete file)

safe-browsing and url-classifier flags
4.07 KB, patch
benjamin
: review+
shaver
: superreview+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2

protection should be off by default while being developed but with a config flag to toggle it on

Reproducible: Always

        Attachment #218926 -
        Flags: review?(darin)

    
    

    
  
Comment on attachment 218926 [details] [diff] [review]
--enable-protection configure flag

>Index: configure.in

> dnl ========================================================
>+dnl = Enable protection (anti-phishing protection)
>+dnl ========================================================

"Do you use protection?" ;-)

The name of this option could maybe be more specific, but I'm not
sure what else to call it.  You might want to ask bsmedberg about
this (he's the owner of the build system).  I'll request additional
review from him.


>Index: toolkit/components/Makefile.in

>+ifdef MOZ_PROTECTION
>+DIRS += protection
>+endif # MOZ_PROTECTION
> endif # MOZ_XUL
> endif # MOZ_SUITE
> endif # MOZ_THUNDERBIRD

So, this will need to change once thunderbird starts making use of
this component.  OK.


r=darin

        Attachment #218926 -
        Flags: superreview?(benjamin)

        Attachment #218926 -
        Flags: review?(darin)

        Attachment #218926 -
        Flags: review+

    
    

    
  
-> tony
Assignee: nobody → tony
Status: UNCONFIRMED → NEW
Ever confirmed: true

    
    

    
  
What protection does this enable?  It seems like the directory and flag should both have a clearer name ("anti-phishing" would be my first suggestion, or "url-list-manager" if we really think it's important to name it maximally generically).

    
    

    
  
(bz just suggested "url-classifier" in IRC, which I like.)

    
    

    
  
Comment on attachment 218926 [details] [diff] [review]
--enable-protection configure flag

Please rename the configure flag to --enable-antiphishing-apis (you can keep using the MOZ_PROTECTION variable internally).

In toolkit/components/Makefile.in there's no need to put the DIRS += protection ifdef inside all the other ifdefs, move it out to a toplevel ifdef.

        Attachment #218926 -
        Flags: superreview?(benjamin) → superreview-

    
    

    
  
Yeah, --enable-url-classifier sounds good

    
    

    
  
Please also rename the directory to match whatever better naming is chosen here.

    
    

    
  
Ok, I'll make a new patch for this after renaming the directory to url-classifier.

I was planning on the command line flag also enabling anti-phishing functionality in browser/components/[something] as well as the toolkit/components/url-classifier.  Also, in the long run, the anti-phishing framekwork can be extended to protect against other things like spyware (e.g., warning the user before following links that may try to install software).  This was one of the reasons that the original extension was called safe browsing rather than anti-phishing.  So I'm not sure what the best flag name is to enable/disable this functionality is.

    
    

    
  
It might make sense to have an --enable-safe-browsing configure flag that causes MOZ_URL_CLASSIFIER to be enabled as well.

    
    

    
  


  
Creating two flags, one specifically for the url classifier and a safe-browsing flag that forces MOZ_URL_CLASSIFIER on.  The safe-browsing flag will be used to toggle off the browser/UI components.

        Attachment #218926 -
        Attachment is obsolete: true

        Attachment #219823 -
        Flags: review?(benjamin)

    
    

    
  
Comment on attachment 219823 [details] [diff] [review]
safe-browsing and url-classifier flags

the safe-browsing bits are being built as an extension, so they can be disabled by the user, correct?

        Attachment #219823 -
        Flags: review?(benjamin) → review+

    
    

    
  
No, it will be built into the browser.  The user will be able to disable from the prefs pane.

    
    

    
  
Hrm, that's not what Darin and I had originally discussed. I'm not sure it's a big deal, I just wonder what changed... was it originally a google-specific extension, and now it has generic hooks for customizable "protection providers"?

    
    

    
  
Also, when you check this in please file a followup bug to remove this option once it is enabled by default and it no longer needs to be configurable.

    
    

    
  
Comment on attachment 219823 [details] [diff] [review]
safe-browsing and url-classifier flags

There seems to be a planning/policy issue here: the url-classifier bits of this patch are fine and can land now. The safe-browsing bits need discussion, in light of bug 329292; I haven't seen an updated plan since then to move from an extension model to a builtin model.

        Attachment #219823 -
        Flags: superreview?(shaver)

    
    

    
  
bsmedberg: yeah, much has changed since this was originally committed to mozilla cvs.  i think there are some wiki pages somewhere that explain the latest design.  if not, tony can surely bring you up to speed on the latest plans that he, ben and others have developed.

    
    

    
  
Why do we need a config flag at all (for safe-browsing)? Is there uncertainty about whether we're going to turn it on? I don't mind config flags if they are useful (to separate development efforts), but this code has already basically been tested, no?

    
    

    
  
(In reply to comment #19)
> Why do we need a config flag at all (for safe-browsing)? Is there uncertainty
> about whether we're going to turn it on? I don't mind config flags if they are
> useful (to separate development efforts), but this code has already basically
> been tested, no?

The extension code has been tested, but it has some performance problems that we're trying to address by using sqlite to store a the url lists.  There is some risk in this change so it seems beneficial to have a config flag for it.


    
    

    
  
Comment on attachment 219823 [details] [diff] [review]
safe-browsing and url-classifier flags

sr=shaver.  (Didn't hear anything about this switch at the Fx2 meetings, but the note-taker and I might have both missed the one in question. :) )

        Attachment #219823 -
        Flags: superreview?(shaver) → superreview+

    
    

    
  
fixed-on-trunk, fixed1.8.1
Status: NEW → RESOLVED
Closed: 18 years ago
Keywords: fixed1.8.1
Resolution: --- → FIXED
Product: Firefox → Toolkit

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: