Closed
Bug 724861
Opened 12 years ago
Closed 11 years ago
Security review for SpeedTests
Categories
(mozilla.org :: Security Assurance: Review Request, task, P5)
mozilla.org
Security Assurance: Review Request
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mcote, Assigned: freddy)
Details
(Whiteboard: [completed secreview][score:4::Low])
A quick intro to what this app does. SpeedTests (slightly misnamed) is a framework for cross-browser comparisons. It consists of one or more clients that run tests in a variety of browsers, with a web UI for viewing the results. Info on the wiki is at https://wiki.mozilla.org/Auto-tools/Projects/SpeedTests The only public-facing part of this is the results server, that is, the part that accepts results from clients and serves them to users, via a fairly simple web UI. The tests themselves are served internally, since we may not be able to redistribute them (most of them are modified versions of the Internet Explorer Speed Demos) Where is the source code located? hg.mozilla.org/automation/speedtests/ There is a README in there about setting up the framework. Is there a stage server running that we can also test against? If so, please indicate what machine the web server is running on. There is not, at the moment, since the original brasstacks went down. We have a client machine in the MV office along with a test server; however the results are not going anywhere at the moment. Where would you like the bugs filed in bugzilla? Please specify the product, component and if anyone specific should be copied on the bugs. Testing / General, CC mcote@mozilla.com Will this application be collecting any personally identifiable information from users (email address, physical address, phone number, etc)? No. Please describe if this app will be connecting to any internal or external services or if it is able to interact with the OS. It reads from and writes to a MySQL database. Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role. No. What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.) Nothing in particular; the app mostly just reads from and writes to a MySQL db. Does this website contain an administration page? If so, have the admin page blockers (listed here) all been addressed? No admin page. This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review? I would love to get this done soon, since it has been down for a month, since brasstacks went down. I would like to redeploy it on the new brasstacks as soon as I can.
Updated•12 years ago
|
Keywords: sec-review-needed
Updated•12 years ago
|
Whiteboard: [pending secreview] → [secr:yvan]
Updated•12 years ago
|
QA Contact: mcoates → jstevensen
Updated•12 years ago
|
Component: Security Assurance: Applications → Security Assurance: Review Needed
Updated•12 years ago
|
Assignee: security-assurance → yboily
Status: NEW → ASSIGNED
Updated•12 years ago
|
Keywords: sec-review-needed
Whiteboard: [secr:yvan] → [pending secreview]
Risk/Priority Ranking Exercise https://wiki.mozilla.org/Security/RiskRatings Priority: 1 (P5) - Age Operational: 1 - Minor User: 0 - N/A Privacy: 0 - N/A Engineering: 1 - Minor Reputational: 1 - Minor Priority Score: 4
Severity: normal → minor
Priority: -- → P5
Whiteboard: [pending secreview] → [pending secreview][score:4::Low]
Assignee | ||
Comment 2•11 years ago
|
||
Am I correctly assuming that this is a review for the code in server/ only and that *all* clients will only *ever* come from mozilla offices?
Assignee: yboily → fbraun
Reporter | ||
Comment 3•11 years ago
|
||
Correct. This service has never attracted a lot of attention, so at the moment we have only one client, located in Mountain View.
Assignee | ||
Comment 4•11 years ago
|
||
The SQL queries are all safe. Nice work on that.
Assignee | ||
Comment 5•11 years ago
|
||
All done. See depending bugs for more information.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: [pending secreview][score:4::Low] → [completed secreview][score:4::Low]
You need to log in
before you can comment on or make changes to this bug.
Description
•