Review of login.webmaker.org on staging environment

RESOLVED FIXED

Status

RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: boozeniges, Assigned: freddyb)

Details

(Whiteboard: [login.wm.o] [completed secreview][Web][score:low] u= c= p=1 s=sprint 2)

(Reporter)

Description

6 years ago
In the Mozilla Foundation we're working on a system that piggybacks on top of Persona to provide a single sign-on service for our webmaker tools and sites.

We've done a few initial security code reviews on our github repo at https://github.com/mozilla/login.webmaker.org but we've not got it staged so some more tests can be done!

http://webmaker.mofostaging.net/ - there isn't much of a site there yet, but the login works :)

Any problems/questions please let me know, 

Ross
(Reporter)

Updated

6 years ago
Whiteboard: [login.wm.o] c=login
Assignee: mgoodwin → nobody
OS: Mac OS X → All
Hardware: x86 → All
Whiteboard: [login.wm.o] c=login → [login.wm.o] c=login [triage needed]
Assignee: nobody → fbraun
Whiteboard: [login.wm.o] c=login [triage needed] → [login.wm.o] c=login [pending secreview]
(Reporter)

Comment 1

5 years ago
!!! This app is currently going under a bit of a re-write. Don't review what we currently have up on staging !!!

Will update when it's redone and re-staged.

Sorry for the changes.
(Assignee)

Comment 2

5 years ago
OK, I will defer the review until you are done. Please address the review questions as mentioned in https://wiki.mozilla.org/WebAppSec/Security_Review_Request#Questions_to_Address_within_Request_Body and needinfo?/secreview? me when you want me to start.
(Assignee)

Updated

5 years ago
Status: NEW → UNCONFIRMED
Ever confirmed: false
Whiteboard: [login.wm.o] c=login [pending secreview] → [login.wm.o] c=login [pending secreview][Web]
(Assignee)

Comment 3

5 years ago
What's the status on your rewrite, Ross?
Flags: needinfo?(rossbruniges)
(Reporter)

Comment 4

5 years ago
Heya :freddyb, 

I thought that there was an additional ticket opened up for review of this app. It's now live (can be seen in webmaker.org).

I've also left Mozilla now so probably best to check in with Dave Humphrey (:humph) in regard to the status and want of any sec reviews...
Flags: needinfo?(rossbruniges)
(Assignee)

Comment 5

5 years ago
Well, has this been covered as part of another review?
Flags: needinfo?(david.humphrey)
(Assignee)

Comment 6

5 years ago
Well, has this been covered as part of another review?

(I probably needinfo'd the wrong person)
Flags: needinfo?(david.humphrey) → needinfo?(rossbruniges)
Whiteboard: [login.wm.o] c=login [pending secreview][Web] → [login.wm.o] c=login [pending secreview][Web][score:low]
Whiteboard: [login.wm.o] c=login [pending secreview][Web][score:low] → [login.wm.o] c=login [pending secreview][Web][score:low] u= c= p=1 s=ready
Whiteboard: [login.wm.o] c=login [pending secreview][Web][score:low] u= c= p=1 s=ready → [login.wm.o] [pending secreview][Web][score:low] u= c= p=1 s=ready
Whiteboard: [login.wm.o] [pending secreview][Web][score:low] u= c= p=1 s=ready → [login.wm.o] [pending secreview][Web][score:low] u= c= p=1 s=sprint 2
(Assignee)

Updated

5 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Flags: needinfo?(rossbruniges)
Resolution: --- → FIXED
Whiteboard: [login.wm.o] [pending secreview][Web][score:low] u= c= p=1 s=sprint 2 → [login.wm.o] [completed secreview][Web][score:low] u= c= p=1 s=sprint 2