Closed Bug 718891 Opened 14 years ago Closed 13 years ago

Betafarm needs a security review

Categories

(mozilla.org :: Security Assurance: Review Request, task)

x86
macOS
task
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: davida, Assigned: mgoodwin)

References

Details

(Whiteboard: [secr:mgoodwin])

Tofumatt is doing a code review, and pmclanahan will be doing ongoing code changes, but we should do a code review of the website currently known as betafarm. Code lives at https://github.com/mozilla/betafarm. Yvan mentioned doing a review end of January, which I think should be fine from our schedule's POV.
Blocks: 718896
Please see https://wiki.mozilla.org/WebAppSec/Security_Review_Request and answer the 10 questions.
Whiteboard: [pending secreview]
1 - A quick intro to what this app does.
This is a webapp where mozillians can create simple project description pages explaining what innovative projects they're working on, and pointers to further information (github repos, wikis, etc.). Projects are tagged, and people can affiliate themselves with projects.

2 - Where is the source code located?
https://github.com/mozilla/betafarm

3 - Is there a stage server running that we can also test against? If so, please indicate what machine the web server is running on.
http://betafarm.mozillalabs.com/en-US/ (I'm not 100% sure which machine in the labs cluster this is though.)

4 - Where would you like the bugs filed in bugzilla? Please specify the product, component and if anyone specific should be copied on the bugs.
Websites:Betafarm -- no specific cc needed

5 - Will this application be collecting any personally identifiable information from users (email address, physical address, phone number, etc)?
Browserid logins (hence emails), and profile data including:
- display name
- website url (e.g. blog)
- a bio
- whatever links the user wants (e.g. twitter, blog, etc.)

6 - Please describe if this app will be connecting to any internal or external services or if it is able to interact with the OS.
none.

7 - Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role.
The app supports logged in users and project admins. I'll get tofumatt to create accounts and amend this bug when that's done.

8 - What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.)

9 - Does this website contain an administration page? If so, have the admin page blockers (listed here) all been addressed?
I'll let webdev comment.

10 - This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
We have release of this site as a cross-functional Q1 goal, so review and time to fix issues that come up before that would be appreciated.
Blocks: 728330
No longer blocks: 718896
Whiteboard: [pending secreview] → [secr:mgoodwin]
Assigning to mgoodwin for review.
QA Contact: mcoates → jstevensen
Ping? We're about to hit some deadline challenges.
Assignee: security-assurance → mgoodwin
mgoodwin, any idea of what your timeline looks like for completing this? Or do we need to reassign this to another resource?
Depends on: 741335
Depends on: 741534
Component: Security Assurance: Applications → Security Assurance: Review Needed
Resolving this as all blockers appear to be fixed.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Mark, can you verify this one. Thanks!
Status: RESOLVED → VERIFIED