Closed
Bug 930619
Opened 12 years ago
Closed 12 years ago
SecReview: mod_authn_persona
Categories
(mozilla.org :: Security Assurance: Review Request, task)
mozilla.org
Security Assurance: Review Request
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: gozer, Assigned: kang)
References
Details
- Who is/are the point of contact(s) for this review?
Philippe M. Chiasson <gozer@mozilla.com>
- Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.)
An apache module that performs Persona logins
- Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
It's all on github here : https://github.com/gozer-mozilla/mod_authn_persona
- Does this request block another bug? If so, please indicate the bug number
Nope.
- This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
Somewhat urgent, as it will allow us to roll this out on a lot of sites.
- To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list? If so, which goal?
Yes, the SSO goal
Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
- Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
Not directly, no.
- Are there any portions of the project that interact with 3rd party services?
Yes, the assertion verification part uses https://login.persona.org/verify
- Will your application/service collect user data? If so, please describe
Nope, except for logging the e-mail address of authenticated users, just like the LDAP authentication currently does.
|
||
Updated•12 years ago
|
Assignee: nobody → gdestuynder
|
|
||
Updated•12 years ago
|
Whiteboard: [pending secreview] → [triage needed]
|
|
Assignee | |
Comment 1•12 years ago
|
||
review is in progress
|
|
||
Updated•12 years ago
|
Whiteboard: [triage needed]
|
|
Assignee | |
Comment 2•12 years ago
|
||
sec review meeting w/gozer planned thursday, 31, 11AM PDT.
|
|
Assignee | |
Comment 3•12 years ago
|
||
moved to 1PM PDT
|
|
Assignee | |
Comment 4•12 years ago
|
||
moved to friday, 01, 10AM PDT - :gozer wasn't available today
|
|
Assignee | |
Comment 5•12 years ago
|
||
Sec review notes: https://etherpad.mozilla.org/modpers
|
|
Reporter | |
Comment 6•12 years ago
|
||
As an aside to the sec review notes, I made a code branch for this security review, it's here:
https://github.com/gozer-mozilla/mod_authn_persona/tree/secreview-2013-11-01
And all security issues have been remediated on that branch.
|
|
Assignee | |
Comment 7•12 years ago
|
||
note: using SA as bug component as I couldn't find any proper component for the remediation bugs. Sorry for the automatic CC spam ;-)
|
|
Assignee | |
Comment 8•12 years ago
|
||
Additional links:
Project doc: https://mana.mozilla.org/wiki/display/SpecOps/Labs+Project+-+mod_auth_persona
Review etherpad: https://etherpad.mozilla.org/modpers
This review will be considered completed/solved when this bug (bug 930619) and it's dependencies are resolved.
|
|
Assignee | |
Comment 9•12 years ago
|
||
making resolved as review is done
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•