On Thu, Dec 20, 2012 at 5:49 AM, Gervase Markham <[email protected]> wrote:
> On 20/12/12 10:12, Jonas Sicking wrote:
>>
>> Sorry to have dropped this thread.
>>
>> Requiring SSL wouldn't really help us anyway. The problem we are
>> trying to protect against with signing is if the web server gets
>> hacked. Web servers are generally fairly complex and are hard to
>> protect. We should create an application update mechanism where the
>> ability to hack a webserver is all that stands between the attacker,
>> and the ability to automatically get millions of people to
>> automatically get updated to applications that are running malicious
>> code.
>
> I assume there's a "not" missing in there somewhere? :-)

Yes :)

We should *not* create an application update mechanism where the
ability to hack...

So the short of it is that SSL only partially helps. And so we want to
sign the application code (and at least some of the application data)
in such a way that hacking the store webserver buys the attacker as
little as possible.

/ Jonas
_______________________________________________
dev-webapps mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-webapps
