Closed
Bug 547048
Opened 15 years ago
Closed 15 years ago
Only allow clients to issue delete records
Categories
(Firefox :: Sync, defect)
Firefox
Sync
Tracking
()
RESOLVED
FIXED
1.2
People
(Reporter: Mardak, Assigned: Mardak)
References
Details
Attachments
(1 file, 1 obsolete file)
|
(deleted),
patch
|
mconnor
:
review+
|
Details | Diff | Splinter Review |
Right now delete is an empty payload, but the server can send that for any record. We can ensure that the client issued the delete by encrypting the payload.
Would it be okay to just tag the data as delete in plaintext for the server to clean, but still somehow prove that only somebody with access issued the delete?
A bonus would be to avoid replay deletes too.
|
Assignee | |
Updated•15 years ago
|
Flags: blocking-weave1.2+
Summary: Only allow clients to issue delete records but allow servers to clean them up → Only allow clients to issue delete records
Target Milestone: --- → 1.2
|
|
Assignee | |
Comment 1•15 years ago
|
||
|
|
Assignee | |
Updated•15 years ago
|
|
|
Assignee | |
Comment 2•15 years ago
|
||
Attachment #430776 -
Attachment is obsolete: true
Attachment #431449 -
Flags: feedback?(edilee)
Attachment #430776 -
Flags: review?(mconnor)
|
|
Assignee | |
Updated•15 years ago
|
Attachment #431449 -
Flags: feedback?(edilee) → review?(mconnor)
|
||
Updated•15 years ago
|
Attachment #431449 -
Flags: review?(mconnor) → review+
|
|
||
Updated•15 years ago
|
Whiteboard: [has patch][has review]
|
|
Assignee | |
Comment 3•15 years ago
|
||
http://hg.mozilla.org/labs/weave/rev/c8d528f14dab
Don't specially serialize/not encrypt delete records and store the deleted flag as part of the cleartext payload.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: [has patch][has review]
|
||
Updated•6 years ago
|
Component: Firefox Sync: Crypto → Sync
Product: Cloud Services → Firefox
You need to log in
before you can comment on or make changes to this bug.
Description
•