Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Introduce Threat model #782
It would be good to know what attacks/threats were already considered in the current design and how they should be prevented. Additionally it would make sense to add those which were left out or are not considered at the moment.
Maybe this could be done in the context of a wiki page.
Threat related Issues
Being forced to do something:
Application Storage Security:
Application Runtime Security
Denial of Service
Dependencies (e. g. other libraries)
(Leak of) Personal Identifyalbe Information (PII) / Privacy:
Communicating/Showing Security related Issues
There have been a few blog posts on this topic.
I would argue that "#2761 Make disabling passphrase password protected" should be extended. Maybe an option that will immediately lock storage upon entering privacy settings, requiring the passphrase to change anything in the privacy settings and unlock the store again.