[Web4lib] Firefox plug-in update security issues and Zotero
Salvatore Vassallo
salvatore_vassallo at tin.it
Sun Mar 23 12:55:05 EDT 2008
> My most popular plug-in is Zotero which updates from their own
> site. Anyone know if the update is done with an SSL-secure
> site?
Yes, Zotero already follows new rules on secure updating[1].
Infact updateUrl uses https, updateLink doesn't point to http, but
includes an updateHash [2]
--
Salvatore Vassallo
[1] http://developer.mozilla.org/en/docs/Extension_Versioning%2C_Update_and_Compatibility#Securing_Updates
[2] https://www.zotero.org/download/update.rdf
More information about the Web4lib
mailing list