Feature Ideas: Difference between revisions

From GNU MediaGoblin Wiki
(Extract all the old security related ideas from #361(csrf))
Line 15: Line 15:
* Copy (some) metadata from the full‐size image into the smaller versions. If possible (according to metadata formats), add a note to them that they are not exactly the original.
* Copy (some) metadata from the full‐size image into the smaller versions. If possible (according to metadata formats), add a note to them that they are not exactly the original.
** [http://bugs.foocorp.net/issues/381 #381]: exif data handling for users (about privacy)
** [http://bugs.foocorp.net/issues/381 #381]: exif data handling for users (about privacy)

=== Security related ideas / Features ===
* DONE: CSRF ([http://bugs.foocorp.net/issues/361 #361])
* <code>X-Content-Type-Options: nosniff</code>
*: Served pages have the content-type set. And the browser should not be allowed to guess a different type. See: [https://bugzilla.mozilla.org/show_bug.cgi?id=471020 Firefox bug #471020]
* "Content Security Policy" (CSP) might really be a good add on to have. Noone should rely solely on this, but it might make things a lot safer if other security guards fail.
*: A simple allow 'self' might already get a lot of things better.
*: [https://developer.mozilla.org/en/Security/CSP/Introducing_Content_Security_Policy Link1] [https://developer.mozilla.org/en/Security/CSP/CSP_policy_directives#options Link2]
* Possibly disallowing pages to be shown in frames.


=== Long term things that ''might'' happen ===
=== Long term things that ''might'' happen ===
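Review bot: In the added CSP item, the two references are labelled only "Link1" and "Link2", which says nothing about where they lead; label them after their targets (the MDN CSP introduction and the CSP policy directives page). "Noone" in the same item should be "No one". The frames item is the only new entry with no sub-note or reference, so it is unclear what mechanism is meant; a one-line sub-item like those under the nosniff and CSP entries would make it actionable.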

Revision as of 19:27, 4 October 2011

Introduction

There are many features that one can think of for MediaGoblin. Some should be implemented really soon, because they are needed right now. Other features would be nice to have, but are currently really hard to implement. Finally, there are the feature ideas that can be classified as "brainstorming".

This wiki page is mostly for long term feature ideas. This specifically means there are no promises that anything listed here will ever happen. It means nobody is currently working on this feature.

If you have an idea for a new feature that is not listed here or in the Bug Tracker, please talk to some developers, or add it below in the "Yet Unsorted Ideas" section. If you really think that your idea is extremely important and needs to be acted upon soon, you could file a bug.

The List

If there is a bug (closed or open), please link to it.

Yet Unsorted Ideas

Put your new ideas here:

  • Two federation ideas
  • Copy (some) metadata from the full‐size image into the smaller versions. If possible (according to metadata formats), add a note to them that they are not exactly the original.
    • #381: exif data handling for users (about privacy)

Security related ideas / Features

  • DONE: CSRF (#361)
  • X-Content-Type-Options: nosniff
    Served pages have the Content-Type set, and the browser should not be allowed to guess a different type. See: Firefox bug #471020
  • "Content Security Policy" (CSP) might really be a good add-on to have. No one should rely solely on it, but it might make things a lot safer if other security safeguards fail.
    A simple allow 'self' policy might already improve a lot of things.
    Link1 Link2
  • Possibly disallowing pages to be shown in frames.
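
The three header ideas above, sketched as a WSGI middleware. This is an added example, not MediaGoblin code: the class, function and sample app names are hypothetical, and using X-Frame-Options: DENY for the frames item is an assumption, since the list names no mechanism.

```python
SECURITY_HEADERS = [
    # The browser must honour the declared Content-Type and not sniff another.
    ("X-Content-Type-Options", "nosniff"),
    # The "simple allow 'self'" policy: load resources only from our own origin.
    ("Content-Security-Policy", "default-src 'self'"),
    # Assumption: frames are refused outright rather than limited to same origin.
    ("X-Frame-Options", "DENY"),
]


class SecurityHeadersMiddleware:
    """Wrap a WSGI app and add the headers above to every response."""

    def __init__(self, app, headers=SECURITY_HEADERS):
        self.app = app
        self.headers = list(headers)

    def __call__(self, environ, start_response):
        def patched_start_response(status, response_headers, exc_info=None):
            present = {name.lower() for name, _ in response_headers}
            merged = list(response_headers)
            for name, value in self.headers:
                # Keep a value the view set itself (e.g. a page-specific CSP).
                if name.lower() not in present:
                    merged.append((name, value))
            return start_response(status, merged, exc_info)

        return self.app(environ, patched_start_response)


def demo_app(environ, start_response):
    """Constructed sample app; the /custom page sets its own, stricter CSP."""
    headers = [("Content-Type", "text/html; charset=utf-8")]
    if environ.get("PATH_INFO") == "/custom":
        headers.append(("Content-Security-Policy", "default-src 'none'"))
    start_response("200 OK", headers)
    return [b"<p>hello</p>"]


def response_headers_for(path, app=demo_app):
    """Send one request through the wrapped app; return headers as a dict."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({name.lower(): value for name, value in headers})

    wrapped = SecurityHeadersMiddleware(app)
    b"".join(wrapped({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured
```

Because the middleware only fills in headers that are missing, a view that needs a different policy can still set its own value.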

Long term things that might happen