Closed Bug 388652 Opened 18 years ago Closed 18 years ago

remove code that supports deprecated "/lookup" request in SafeBrowsing protocol

Categories

(Toolkit :: Safe Browsing, defect, P2)

Product:
Toolkit
Component:
Safe Browsing
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 3 beta4

People

(Reporter: marria, Assigned: dcamp)

References

Details

Attachments

(3 files)

v1
59.76 KB, patch
tony
: review+
Details | Diff | Splinter Review
patch without string removals
58.33 KB, patch
Details | Diff | Splinter Review
string removals
1.43 KB, patch
Details | Diff | Splinter Review
We would like to remove support for enhanced mode, while moving to the new protocol.
What is being removed? Does the new protocol make it unnecessary, or not have the feature at all, or what?
The new protocol only touches the "regular" mode protocol (see bug 387196). Technically we could keep enhanced mode as is with the new protocol. However, we were hoping to take advantage of the code refactor to clean up and remove the less common code path.
I'm guessing "enhanced mode" refers to real-time protection and "regular mode" refers to the 30-minutes-lagged protection that's currently the default. I'd like to see real-time protection remain, but with Firefox simply asking for updates to the blocklist each time a new site is visited rather than sending the URL of the site to Google.
That is correct, "enhanced mode" is real-time protection. I agree that it would be nice to modify the "regular mode" to request updates more regularly, but it won't happen for the initial release.
Flags: blocking-firefox3?
OS: Linux → All
Hardware: PC → All
Morphing slightly to make it clear that this bug is about removing the support for /lookup. Jesse: could you file a new bug about morphing that pref to change the update frequency? I think that's a really good idea. Even if the request results in a throttle-response, we can alert the user to the fact that they're browsing with an out of date list in the enhanced mode.
Flags: blocking-firefox3? → blocking-firefox3+
Summary: remove enhanced mode phishing protection → remove code that supports deprecated "/lookup" request in SafeBrowsing protocol
Blocks: 399656
Target Milestone: --- → Firefox 3 M10
Ok. I filed bug 401811, "Replace 'Check by asking Google about each site I visit' with a more-frequent-update option".
Target Milestone: Firefox 3 M10 → Firefox 3 M11
Priority: -- → P4
Re-nom'ng to bump priority. As bug 412497 demonstrates, some portion of this bug really needs to be fixed. We might view removing the enhanced mode code as more of a "nice to have, code cleanliness" thing, but the current state of affairs is that the pref UI still exposes the option to do live checking, even though we no longer support it. We could just pave over the UI in a separate bug and leave the backend cleanup for later, but dcamp argues in 412497 that cleaning up the whole thing is probably a pretty easy fix. My recommendation is to mark this P2 because I don't think the final release should ship with this UI exposed, and to resolve 412497 as a dup of this bug.
Flags: blocking-firefox3+ → blocking-firefox3?
Target Milestone: Firefox 3 beta3 → Firefox 3 beta4
We should remove the prefs ASAP, I didn't realize this wasn't done already.
Flags: blocking-firefox3? → blocking-firefox3+
Priority: P4 → P2
Attached patch v1Splinter Review
This patch removes the pref and some related code in the safebrowsing component.
Attachment #301553 - Flags: review?(tony)
Can we remove browser/components/safebrowsing/content/warning-overlay.xul (and associated jar.mn entry) as well? Seems like they aren't needed any more, and there might even be a perf win for getting rid of all that xul overlay at startup/winopen.
Comment on attachment 301553 [details] [diff] [review] v1 Did the request backoff logic move elsewhere? I agree with Johnathan that we should remove the overlay .xul file and the strings used in it, but I'm ok with multiple patches to delete code. We can probably also remove some unused JS code in url-classifier jslib. I think we can also drop phishing-afterload-displayer.js and perhaps most of browser-view.js.
Attachment #301553 - Flags: review?(tony) → review+
(In reply to comment #11) > (From update of attachment 301553 [details] [diff] [review]) > Did the request backoff logic move elsewhere? The request backoff for updates is still in listmanager.js, this just removes backoff for the (no-longer-there) individual lookup requests.
Fine from an l10n point of view, just string removals, no context changes for strings around. Fine to go without late-l10n.
Blocks: 416230
Axel suggested that I land the string removals after making sure the rest of the patch doesn't need backing out after landing, so I'm attaching the two separate patches here.
Attached patch string removalsSplinter Review
Keywords: checkin-needed
Landed without string removals in case I have to back it out. Checking in browser/app/profile/firefox.js; /cvsroot/mozilla/browser/app/profile/firefox.js,v <-- firefox.js new revision: 1.276; previous revision: 1.275 done Checking in browser/components/preferences/security.js; /cvsroot/mozilla/browser/components/preferences/security.js,v <-- security.js new revision: 1.15; previous revision: 1.14 done Checking in browser/components/preferences/security.xul; /cvsroot/mozilla/browser/components/preferences/security.xul,v <-- security.xul new revision: 1.22; previous revision: 1.21 done Checking in browser/components/safebrowsing/content/controller.js; /cvsroot/mozilla/browser/components/safebrowsing/content/controller.js,v <-- controller.js new revision: 1.11; previous revision: 1.10 done Checking in browser/components/safebrowsing/content/globalstore.js; /cvsroot/mozilla/browser/components/safebrowsing/content/globalstore.js,v <-- globalstore.js new revision: 1.20; previous revision: 1.19 done Checking in browser/components/safebrowsing/content/list-warden.js; /cvsroot/mozilla/browser/components/safebrowsing/content/list-warden.js,v <-- list-warden.js new revision: 1.17; previous revision: 1.16 done Checking in browser/components/safebrowsing/content/malware-warden.js; /cvsroot/mozilla/browser/components/safebrowsing/content/malware-warden.js,v <-- malware-warden.js new revision: 1.8; previous revision: 1.7 done Checking in browser/components/safebrowsing/content/phishing-warden.js; /cvsroot/mozilla/browser/components/safebrowsing/content/phishing-warden.js,v <-- phishing-warden.js new revision: 1.28; previous revision: 1.27 done Checking in browser/components/safebrowsing/content/reporter.js; /cvsroot/mozilla/browser/components/safebrowsing/content/reporter.js,v <-- reporter.js new revision: 1.6; previous revision: 1.5 done Checking in browser/components/safebrowsing/content/sb-loader.js; /cvsroot/mozilla/browser/components/safebrowsing/content/sb-loader.js,v <-- sb-loader.js new revision: 1.26; previous revision: 1.25 done Removing browser/components/safebrowsing/content/tr-fetcher.js; /cvsroot/mozilla/browser/components/safebrowsing/content/tr-fetcher.js,v <-- tr-fetcher.js new revision: delete; previous revision: 1.11 done Checking in browser/components/safebrowsing/src/nsSafebrowsingApplication.js; /cvsroot/mozilla/browser/components/safebrowsing/src/nsSafebrowsingApplication.js,v <-- nsSafebrowsingApplication.js new revision: 1.11; previous revision: 1.10 done
Status: NEW → ASSIGNED
Keywords: checkin-needed
Checking in browser/locales/en-US/chrome/browser/preferences/security.dtd; /cvsroot/mozilla/browser/locales/en-US/chrome/browser/preferences/security.dtd,v <-- security.dtd new revision: 1.8; previous revision: 1.7 done
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: