Closed
Bug 737795
Opened 13 years ago
Closed 13 years ago
Security review - Mozilla Ignite
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: boozeniges, Assigned: mgoodwin)
We've been developing for the past few months an application in association with the National Science Foundation (NSF), GENI and (potentially) The White House, with the end goal being that we create apps that will helpfully go to improve people's everyday lives.
We've got our code on a dev and staging server (held on mozillalabs infrastructure) and would like to ensure that things have been set up correctly and people are happy with where we are going, and what we've done.
1) Who is/are the point of contact(s) for this review?
Ross Bruniges, Katrin Lepik
2) Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
The project/app is split into two phases.
In the first stage we're asking people to provide us with ideas (text, uploaded image, external links) on applications that could help out in 1 of 5 of the national priority areas defined to us by the NSF.
In the second stage we take the first stage a step further - asking for more rounded applications (still text, uploaded image and external links) but then create a kind of incubator where the people working on each application can report back on what they're doing and receive feedback from our predefined judges on their progress and ideas. All this information is also displayed to site users who aren't developing anything but might be interested in the progress of all or a specific submission.
3) Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
We have a lighthouse project - http://mozillaignite.lighthouseapp.com/projects/86804-mozilla-ignite/overview
Our code is on github - https://github.com/rossbruniges/mozilla-ignite
Our staging server (where we would like the security review taken out on) can be found at https://ignite-stage.mozillalabs.com/
There is a project blog at https://mozillaignite.org/blog/
4) Does this request block another bug? If so, please indicate the bug number
No
5) This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
We don't have a firm release date but at the moment we're looking at the middle of April
6) Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
Does this feature or code change affect Firefox, Thunderbird or any product or service that Mozilla ships to end users?
- No
Are there any portions of the project that interact with 3rd party services?
- We use disqus for our commenting but pretty much everything is kept on their servers, we embed their forms and comments via their JS widgets - http://docs.disqus.com/developers/universal/
- We use gravatar to display user avatars
- We're using mozilla browserID for sign-on
- We use sencha.io to provide reduced size thumbnails of user uploaded content - http://www.sencha.com/learn/how-to-use-src-sencha-io/
Will your application/service collect user data? If so, please describe
- We store user emails (used only for browserID sign-in) and their app submissions (doesn't that count as user data?)
7) If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
- Not sure if this is included as part of a security review but I would like to ensure that the server has been set up correctly (and securely) - as I've done it, and I'm a front-end developer by trade :)
Any further questions please let me know.
Updated•13 years ago
Keywords: sec-review-needed
Updated•13 years ago
Assignee: nobody → yboily
Whiteboard: [secr:yvan]
Updated•13 years ago
Status: NEW → ASSIGNED
Assignee
Comment 1•13 years ago
I think I'm done here; I'd prefer it if you could resolve all high / moderate issues before you close this out.
Thanks.
Mark, since you did the work here do you want to take this bug?
Assignee
Updated•13 years ago
Assignee: yboily → mgoodwin
Updated•13 years ago
Whiteboard: [secr:yvan] → [secr:mgoodwin]
Assignee
Comment 3•13 years ago
I'm closing on the understanding that bug 744362 will soon be resolved.
Assignee
Updated•13 years ago
Keywords: sec-review-needed → sec-review-complete
Whiteboard: [secr:mgoodwin]
Assignee
Updated•13 years ago
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•12 years ago
Keywords: sec-review-complete