Closed Bug 734515 Opened 12 years ago Closed 12 years ago

LoveBomb.me

Categories

(mozilla.org :: Security Assurance: Review Request, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: davida, Assigned: mgoodwin)

Details

(Whiteboard: [secr:mgoodwin])

1. A quick intro to what this app does.

This is essentially a webby ecard maker. The idea is to run a campaign using Mother's Day as the hook, where people can make their own webby ecards for their Mom, and then share out and see what others did. It provides an easy way to get your hands a little dirty with code, learn something, and then have an awesome (better than a) card at the end that you can be proud of and share widely. There are three principal goals:
1) Provide an approachable, fun onramp into our learning offerings
2) Teach a little bit (and possibly more) of code, without being too scary for a non-coder
3) Grow our base of supporters
     
(we have some internal docs at https://etherpad.mozilla.org/lovebomb, we'll work on a wiki page that's more crisp.)

2. Where is the source code located?

No code yet.

3. Is there a stage server running that we can also test against? If so, please indicate what machine the web server is running on.

No code yet, although there's an early proof-of-concept running at lovebomb.me (which is much more wide-open (insecure, etc.) than what we're proposing to do).

4. Where would you like the bugs filed in bugzilla? Please specify the product, component and if anyone specific should be copied on the bugs.

No component created yet.

5. Will this application be collecting any personally identifiable information from users (email address, physical address, phone number, etc)?

No, although it is likely to collect names in freeform fields. 

6. Please describe if this app will be connecting to any internal or external services or if it is able to interact with the OS.

no.

7. Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role.

no.

8. What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.)

worst case scenarios: DOS; used to store & publish compromising "e-cards"; if the system was insecure, defacing of the app.

9. Does this website contain an administration page? If so, have the admin page blockers (listed here) all been addressed?

no admin page.  Admin will be done only via shell access on the server.

10. This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?

We need to be fully launched by May 6th, to be able to promote it the week before Mother's Day.


(Ben Simon is the product owner, I'm just helping w/ the bug filing).
QA Contact: mcoates → jstevensen
assigned to mgoodwin
Assignee: security-assurance → mgoodwin
Whiteboard: [pending secreview] → [secr:mgoodwin]
Hi all,

This project has been shelved for now; will likely be revived in a different format later in the year, but no need to do anything more on it for now.

Thanks,

Ben
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
I know this is closed, but the site is still live and is vulnerable to the same XSS issue as webpagemaker (bug 756414) - we don't have a component so I'm just mentioning this here...