lockbox-datastore icon indicating copy to clipboard operation
lockbox-datastore copied to clipboard

Published 20 hours ago verified publisher icon mozilla-lockwise

Limit data included when retreiving the list of items to limit exposure

Open linuxwolf opened this issue 7 years ago • 0 comments

The current implementation of list() returns all of the data for all of the items. There are security benefits to only providing all data for all items when that data will be explicitly used.

Considerations

  • Opt-in for more vs. Opt-out for less
  • Migration plan for existing consumers

linuxwolf avatar Mar 06 '18 21:03 linuxwolf