Answering inline. I hope the mail app doesn't break indentation :).
On 13/08/2012 7:59, Lucas Adamski wrote:
Please reply to [email protected].

==WebPayment API==

References:
*https://wiki.mozilla.org/WebAPI/WebPayment
*https://bugzilla.mozilla.org/show_bug.cgi?id=767818

Brief purpose of API: Allow apps (including the Marketplace) to initiate in-app payments and refunds.

General Use Cases:
*Buy an app via the Marketplace
*Get a refund for a purchase via the Marketplace
*Buy an item from within a 3rd party app
*Initiate a refund for an item bought in a 3rd party app

Inherent threats:
*Trick a user into paying for something they didn't want
*Trick a user into paying something more than once (i.e. replay attacks)
*Charge a user more than they expect for a purchase
*Force a refund for a different app or user than expected, thereby disabling it
All of those threats are payment provider addressable threats (and in fact I think only the payment provider can address them). It's assumed that the payment provider will show the user information about what he's *really* going to pay, and it is going to ask for authorization for each and every payment. So even if a malicious developer shows an incorrect price and/or tries to process a payment several times, the payment provider will show the correct quantity on his payment letter (screen that shows the user what he's buying and for how much) and will ask for confirmation every time. The same goes for refunds actually. And if the payment provider doesn't fill his role correctly... Well, then all bets are off. They don't even need to re-process payments, they have all your payment information and can make new charges directly.
Threat severity: High

== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Same
Authorization model for normal content: None?
Authorization model for installed content: Implicit
Potential mitigations: System notification of all purchases

== Privileged (approved by app store) ==
Use cases for privileged code: Same
Authorization model: Implicit
Potential mitigations: Same

== Certified (system-critical apps) ==
Use cases for certified code: Same
Authorization model: Implicit
Potential mitigations: Same

_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
_______________________________________________
dev-webapps mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-webapps
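The reply's argument, sketched as an added example that is not part of the original thread or of any Mozilla code: a payment provider that builds its payment letter only from the request it receives and asks for confirmation on every submission. The HMAC-authenticated request format, `KEY`, `sign_request` and `PaymentProvider` are all assumptions made for illustration.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: secret shared by merchant and provider

def sign_request(item, amount_cents, key=KEY):
    """Merchant side (hypothetical): serialize the purchase terms and MAC them."""
    body = json.dumps({"item": item, "amount_cents": amount_cents}, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

class PaymentProvider:
    """Hypothetical provider: shows a payment letter and asks before every charge."""

    def __init__(self, key=KEY):
        self.key = key
        self.charges = []  # terms of every payment the user actually authorized

    def payment_letter(self, body, tag):
        # The letter is built only from the authenticated request, never from
        # whatever price the app rendered in its own UI.
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("payment request failed authentication")
        return json.loads(body)

    def process(self, body, tag, confirm):
        terms = self.payment_letter(body, tag)
        if not confirm(terms):  # asked again for each and every submission
            return None
        self.charges.append(terms)
        return terms

def demo_mispriced():
    """Constructed case: app UI advertises 99 cents, the submitted request says 999."""
    provider = PaymentProvider()
    body, tag = sign_request("extra-level", 999)
    # The user approves only if the letter shows the 99 cents they expected.
    result = provider.process(body, tag, lambda t: t["amount_cents"] == 99)
    return result, provider.charges

def demo_replay():
    """Constructed case: same request submitted three times, user approves once."""
    provider = PaymentProvider()
    body, tag = sign_request("extra-level", 99)
    answers = iter([True, False, False])
    prompts = [provider.process(body, tag, lambda t: next(answers)) for _ in range(3)]
    return prompts, provider.charges
```

As the reply says, this only holds if the provider does its part: nothing in the sketch constrains a provider that skips the letter or the confirmation.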
