cordova-dev mailing list archives

From Martin Georgiev <mgeorg...@utexas.edu>
Subject Re: [Android] SecureToken/NoFrak feature addition
Date Fri, 31 Jan 2014 19:08:42 GMT
On Fri, Jan 31, 2014 at 1:01 PM, Andrew Grieve <agrieve@chromium.org> wrote:
> I don't think there's a chicken and egg problem:
> State 0 - Native has no token, JS has no token
> State 1 - JS in main frame includes cordova.js
> State 2 - JS in main frame generates a token, and provides it to native
> State 3 - Native, not already having a token, accepts it and saves it.
>
> Now both JS and native have the same token in memory without needing to go
> through localstorage.

I read the above as:

State 0 - Native has no token, JS has no token
State 1 - JS in iframe includes a modified cordova.js
State 2 - JS in iframe generates a token, and provides it to native.
State 2' - Due to frame confusion in some configurations the token is
visible to anyone.
State 3 - Native, not already having a token, accepts it and saves it.

Now both JS (both originator and attacker, and pretty much anyone who
wanted it) and native have the same token in memory without needing to
go through localstorage.
