Betafarm needs a security review



7 years ago


(Reporter: davida, Unassigned)





7 years ago
(This bug will replace 718891 so that all the right bug parameters are filled in as instructed in the wiki page mentioned in comment #1 in that bug.)

1 - A quick intro to what this app does.

This is a webapp where Mozillians can create simple project description pages explaining what innovative projects they're working on, and pointers to further information (GitHub repos, wikis, etc.). Projects are tagged, and people can affiliate themselves with projects.

2 - Where is the source code located?

3 - Is there a stage server running that we can also test against? If so, please indicate what machine the web server is running on.

(I'm not 100% sure which machine in the labs cluster this is, though.)

4 - Where would you like the bugs filed in bugzilla? Please specify the product, component and if anyone specific should be copied on the bugs.

Websites:Betafarm -- no specific cc needed

5 - Will this application be collecting any personally identifiable information from users (email address, physical address, phone number, etc)?

BrowserID logins (hence emails), and profile data including:
  - display name
  - website url (e.g. blog)
  - a bio
  - whatever links the user wants (e.g. twitter, blog, etc.)

6 - Please describe if this app will be connecting to any internal or external services or if it is able to interact with the OS.


7 - Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role.

The app supports logged in users and project admins.

I'll get tofumatt to create accounts and amend this bug when that's done.

8 - What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.)

9 - Does this website contain an administration page? If so, have the admin page blockers (listed here) all been addressed?

I'll let webdev comment.

10 - This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?

We have release of this site as a cross-functional Q1 goal, so review and time to fix issues that come up before that would be appreciated.

Comment 1

7 years ago
Turns out the other bug had already been fixed to be correctly tagged.
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 718891
Keywords: sec-review-needed
Removing flag as the duplicate is correct.
Keywords: sec-review-needed
Whiteboard: [pending secreview]