Closed
Bug 339876
Opened 18 years ago
Closed 11 years ago
create an "anti phishing provider" definition format
Categories
(Toolkit :: Safe Browsing, defect)
Tracking
()
RESOLVED
WONTFIX
Firefox 2 beta1
People
(Reporter: beltzner, Unassigned)
References
Details
We need to create a definition file that specifies a provider for our anti-phishing services. The definition should contain (this list is not exhaustive, please add on to it if I'm missing something)
- endpoints for downloading/updating local list
- endpoints for "active" protection
- logo to use in the bubble
- link targets to use in the bubble ("report it", "send report")
- endpoints for submitting a suspected site through Reporter [1]
- optionally
- questions to ask the user when reporting a suspected site w/Reporter [1]
- an endpoint for a visual capacha challenge/response
- an endpoint for an audio capacha challenge/response
- an endpoint for submitting the report data to provider [2]
[1]: (see bug 337484)
[2]: in addition to submitting the data to mozilla
|
||
Comment 1•18 years ago
|
||
> - endpoints for downloading/updating local list Do other providers need to implement this? There's no UI for changing the local list provider. > - endpoints for "active" protection This requires two URLS, one to do the lookup, and one to provide a key so we can RC4 encrypt the URL. It could optionally include a URL for reporting if the user clicked on "Get me out of here" or "Ignore warning". > - link targets to use in the bubble We're currently using 3 different form pages for this, but we could possibly use only 2 (false positive, report new phish site, and a generic report form). The bubble also has links to a phishing FAQ page and a page describing safe browsing. Should these URLs go to the provider page or to a page on mozilla.org?
|
||
Comment 2•18 years ago
|
||
Is it possible for the provider list and attributes to be downloaded from Mozilla? Perhaps on first run the browser would download the initial list, and could check daily for a new list as part of the existing update infrastructure. This would allow us to add new providers outside of a Firefox update release. (FYI - I added the same comments to bug 338598)
|
Reporter | |
Comment 3•18 years ago
|
||
(In reply to comment #1) > Do other providers need to implement this? There's no UI for changing the > local list provider. Do you mean that there's no UI for that now, or that there's no way for the code to have this change made? If the former, that's easy enough to fix. If the latter, then we'll need to file some bugs to get that changed. What I'm asserting, though, is that if the user picks a different provider, that provider should be the source of the seed list in the inactive mode. Sensible? >> - link targets to use in the bubble > We're currently using 3 different form pages for this, but we could possibly > use only 2 (false positive, report new phish site, and a generic report form). We can make this three endpoints, sure. Reporter would use the "report new phish site", and Brian was saying that you've got some good user feedback which shows that some people like to report sites that already present as phishing sites. Strange, but OK! > The bubble also has links to a phishing FAQ page and a page describing safe > browsing. Should these URLs go to the provider page or to a page on > mozilla.org? I think we'll point those at mozilla.com, yes. Yay, more bugs. We've already got the rudimentary content up at http://mozilla.org/projects/bonecho/anti-phishing Sherman: I'll follow up to your question on that bug, then.
|
|
||
Comment 4•18 years ago
|
||
(In reply to comment #3) > Do you mean that there's no UI for that now, or that there's no way for the > code to have this change made? If the former, that's easy enough to fix. If the > latter, then we'll need to file some bugs to get that changed. What I'm > asserting, though, is that if the user picks a different provider, that > provider should be the source of the seed list in the inactive mode. Sensible? This is easy enough to do. I'm making the change now to support multiple providers so I'll include this in the patch.
|
|
||
Comment 5•18 years ago
|
||
On the client side, an extension needs to set the following values: browser.safebrowsing.provider.[idnum].name browser.safebrowsing.provider.[idnum].lookupURL browser.safebrowsing.provider.[idnum].keyURL It may optionally set: browser.safebrowsing.provider.[idnum].reportURL browser.safebrowsing.provider.[idnum].updateURL browser.safebrowsing.provider.[idnum].reportGenericURL browser.safebrowsing.provider.[idnum].reportErrorURL browser.safebrowsing.provider.[idnum].reportPhishURL The description of lookupURL, keyURL, reportURL and updateURL can be found here: http://wiki.mozilla.org/Phishing_Protection:_Server_Spec The other 3 report URLs point to HTML pages for reporting phishing sites. The Google versions are at: http://www.google.com/safebrowsing/report_general/ http://www.google.com/safebrowsing/report_error/ http://www.google.com/safebrowsing/report_phish/ These are the link targets used by the bubble ("report it", "send report"). [idnum] should be the next available integer. 0 is used by the default values (what we ship with). The UI for changing providers is being discussed in bug 340677 and 340740, however, to change it directly, you can set browser.safebrowsing.dataProvider to the [idnum] of your provider.
|
||
Comment 6•18 years ago
|
||
How does one get the [idnum] of the currently selected anti phishing provider? Is there another pref that has this number set?
|
|
||
Comment 7•18 years ago
|
||
(In reply to comment #6) > How does one get the [idnum] of the currently selected anti phishing provider? > Is there another pref that has this number set? Yes, the pref is browser.safebrowsing.dataProvider.
|
|
||
Comment 8•18 years ago
|
||
Ah, missed that. Sry, thanks.
|
||
Comment 9•18 years ago
|
||
What's the status of this bug? It seems to be something that was done ages ago, unless I'm missing some nuance to the discussion here.
|
||
Comment 10•11 years ago
|
||
Antiphishing never turned into a thing that had multiple providers available, and we've been ripping out the multiprovider remnants ever since.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
|
Assignee | |
Updated•10 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•