Closed
Bug 407828
Opened 17 years ago
Closed 8 years ago
Improve comments in security interfaces that embeddors might implement
Categories
(Core :: Security: PSM, defect, P2)
RESOLVED
WORKSFORME
People
(Reporter: KaiE, Unassigned)
Details
(Keywords: sec-want, Whiteboard: [sg:want P1])
PSM provides interfaces that embedding applications can override. They are designed to allow applications to use their own chrome. Some interfaces are designed to give users a choice to review sensitive information and make momentous decisions, like installing a CA cert as trusted or providing a private key to an issuing authority.

This bug proposes to review the existing interfaces and use more obvious comments. This will prevent embeddors from accidentally using wrong function result values and hopefully will prevent security issues.

The following interfaces might be of interest: nsITokenPasswordDialogs, nsICertificateDialogs, nsIClientAuthDialogs, nsICertPickDialogs, nsITokenDialogs, nsIDOMCryptoDialogs, nsIGeneratingKeypairInfoDialogs

There might be other interfaces I'm missing.

Here are some first proposals:

ConfirmDownloadCACert
// If an implementation chooses not to implement UI for displaying
// the cert and asking the user for confirmation,
// then this function must return PR_FALSE.

ConfirmKeyEscrow
// If an implementation chooses not to implement UI that asks the user for
// confirmation to hand out the private key,
// then this function must return PR_FALSE.
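A sketch of the fail-closed rule proposed in the description above, added here as an illustration and not code from PSM or from the reporter. The types are simplified stand-ins for the XPCOM interfaces, and `ShouldImportCA`, the three stub classes, `TRUST_NONE` and the trust value `0x7` are hypothetical names and constructed values.

```cpp
#include <cstdint>

// Simplified stand-ins (assumptions), not the real XPCOM headers.
typedef uint32_t nsresult;
typedef int PRBool;
const nsresult NS_OK = 0;
const nsresult NS_ERROR_NOT_IMPLEMENTED = 0x80004001;
const PRBool PR_FALSE = 0, PR_TRUE = 1;
const uint32_t TRUST_NONE = 0;           // hypothetical "no trust bits" value
struct Cert { const char* subject; };    // stand-in for nsIX509Cert

// Stand-in for a dialog interface that an embedder overrides.
struct CertDialogs {
  virtual ~CertDialogs() {}
  virtual nsresult ConfirmDownloadCACert(Cert* cert, uint32_t* trust,
                                         PRBool* confirmed) = 0;
};

// Embedder with no confirmation UI, following the proposed comment:
// grant no trust and return PR_FALSE.
struct NoUiDialogs : CertDialogs {
  nsresult ConfirmDownloadCACert(Cert*, uint32_t* trust, PRBool* confirmed) override {
    *trust = TRUST_NONE;
    *confirmed = PR_FALSE;
    return NS_OK;
  }
};

// Embedder stub that fails without writing its out-parameters.
struct UnimplementedDialogs : CertDialogs {
  nsresult ConfirmDownloadCACert(Cert*, uint32_t*, PRBool*) override {
    return NS_ERROR_NOT_IMPLEMENTED;
  }
};

// The mistake the clearer comments aim to prevent: a stub with no UI that
// reports user approval. The caller cannot tell this from a real approval.
struct CarelessDialogs : CertDialogs {
  nsresult ConfirmDownloadCACert(Cert*, uint32_t* trust, PRBool* confirmed) override {
    *trust = 0x7;            // constructed value meaning "all trust bits"
    *confirmed = PR_TRUE;
    return NS_OK;
  }
};

// Hypothetical caller: deny unless the call succeeded and approval was given.
bool ShouldImportCA(CertDialogs& dlg, Cert* cert, uint32_t* trustOut) {
  uint32_t trust = TRUST_NONE;
  PRBool confirmed = PR_FALSE;   // pre-set so an untouched out-param means "no"
  nsresult rv = dlg.ConfirmDownloadCACert(cert, &trust, &confirmed);
  bool ok = (rv == NS_OK) && (confirmed == PR_TRUE);
  *trustOut = ok ? trust : TRUST_NONE;
  return ok;
}
```

A defensive caller covers the stub that errors out, but not the stub that claims approval, so the return-value contract has to be stated in the interface itself.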
Comment 1•17 years ago
I'm not sure this bug needs to be security-sensitive, although I guess it won't hurt to keep it that way until Nokia can update their implementation.
Flags: blocking1.9?
Whiteboard: [sg:want P1]
Updated•17 years ago
Flags: blocking1.9? → blocking1.9+
Priority: -- → P1
Updated•16 years ago
Flags: tracking1.9+
Updated•16 years ago
Flags: wanted-next+
Reporter
Updated•12 years ago
Assignee: kaie → nobody
Group: core-security
Reporter
Comment 3•12 years ago
I'm no longer sure this deserves to have a high priority. Nobody else has made the same mistake in the previous 4 years.
Comment 4•8 years ago
The PSM IDL documentation is somewhat lacking, but AIUI, nobody really embeds Gecko anymore. So, we can just fix each IDL one at a time as reasonable.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME