Start a security review process on appsync

RESOLVED INVALID

Status

P5
normal
RESOLVED INVALID
7 years ago
3 months ago

People

(Reporter: ianbicking, Unassigned)

Details

(Whiteboard: devPreviewNonBlocker [nonmwcblocker])

(Reporter)

Comment 1

7 years ago
I don't believe the code is ready entirely for "review", but the process is (e.g., the Sync document) and we should establish the criteria for further steps.
(Reporter)

Comment 2

7 years ago
We're in contact with Raymond Forbes about this.

Comment 3

7 years ago
What's the status of this?
What kind of security review are you all looking for?

Comment 5

7 years ago
Not my bug, I am just trying to understand the status. ianb can probably explain.
(Reporter)

Comment 6

7 years ago
I'm afraid we haven't really progressed past the "hi, let's talk security review" phase.

We have I guess three major pieces that should be reviewed, though on exactly what schedule I'm not sure.  There is the specification itself, and then the client and server (and I guess also the Soup client, which is a different implementation).  We are also trying to use Sauropod, but I would consider that a separate review process.

There's also a general question about what aspects of applications can be sync'd and to what effect, especially if installed applications carry around permissions. But so far we don't have any concrete examples of that. But it's something that could emerge as a security question if we extend applications, even if sync doesn't change in the process.
Whiteboard: devPreviewNonBlocker
(Reporter)

Comment 7

7 years ago
We should put this review on hold, pending design changes.
(Reporter)

Updated

7 years ago
Priority: -- → P5
A Pivotal Tracker story has been created for this Bug: https://www.pivotaltracker.com/story/show/24808869
Whiteboard: devPreviewNonBlocker → devPreviewNonBlocker [nonmwcblocker]
The old app sync codebase is no longer going to be supported. Apps in the cloud will be under a different codebase. None of these bugs are valid anymore.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → INVALID

Updated

3 months ago
Product: Web Apps → Web Apps Graveyard