Security features of Notification Center
OpenFin Notification Center offers the following features to support application security:
- Desktop owner control
- Application identity
- Limited HTML
Desktop owner control
OpenFin Notification Center is configured and controlled by the desktop owner. When Notification Center is configured correctly, applications are forced to use the version of it that the desktop owner has defined. As a result, a vendor or internal app is not able to launch a newer or older version than the one approved by your internal controls.
When an application launches a notification, Notification Center uses the app’s manifest to determine its identity. Therefore, an application cannot pretend to be something other than itself. This strategy enables a few key security features.
An application does not provide an application name when it creates a notification; instead, the name is read from the application's manifest. As a result, an application cannot generate a notification pretending to be from a source that it is not, thereby causing data leakage.
No access to other apps' notifications
An application has two ways to access notifications that have already been created:
- Ask for notifications that it has created.
- Ask for a notification by ID.
In the first case, Notification Center returns only notifications created with that app’s identity, and not by other applications. Therefore, a vendor can’t browse the notifications of other applications. In the second case, where an app queries by the ID of the notification, a good strategy is to use UUIDs so that other applications can’t guess the IDs used by your application.
OpenFin Notification Center does not allow arbitrary HTML to be used for notifications: the data format is JSON. Therefore, an application vendor cannot inject HTML that contains script elements and run non-OpenFin code in its Notification Center app.
Updated 6 months ago