Jump to content

[TOPIC: topicViewTemplate]
[GLOBAL: userSmallPhoto]
Photo

HTML5 Builds Security Considerations
Started by mor.maslati Mar 19 2019 06:03 AM

- - - - -
2 replies to this topic
html html5 security
[TOPIC CONTROLS]
[/TOPIC CONTROLS]
[modOptionsDropdown]
[/modOptionsDropdown]
[reputationFilter]
[TOPIC: post.html]
#1

mor.maslati

[GLOBAL: userInfoPane.html]
mor.maslati
  • Observer

  • 5 posts
  • Corona SDK

Hello,

 

I'm starting to experiment with Corona HTML5, creating and deploying websites.

 

My question is: Are there any security measures I should be considering?

 

From my (very small) knowledge, in websites the code is exposed to the user. So, developers should avoid keeping keys, passwords and IDs hardcoded in the code. For example, database passwords. Are those exposed in the HTML5 Corona builds? Are there any other security measures to take?

 

Thank you,

Mor



[TOPIC: post.html]
#2

mor.maslati

[GLOBAL: userInfoPane.html]
mor.maslati
  • Observer

  • 5 posts
  • Corona SDK

Anyone...? Rob...?



[TOPIC: post.html]
#3

Rob Miracle

[GLOBAL: userInfoPane.html]
Rob Miracle
  • Moderator

  • 25,786 posts
  • Enterprise

HTML5 builds create a .bin and .data file. I have no clue what's in it. There is a JavaScript loader that starts up the emscripten engine. Any build, Windows, macOS, iOS, Android APK can be downloaded and unpacked and with enough effort by a determined enough hacker.

 

The HTML5 files are not in clear text. So it should be as secure as any other website. Naturally if you do any network.request() type calls, you're going to have to manage the security of them just like any other platform but with the added benefit that JavaScript doesn't allow cross-site scripting. So any REST API calls you make will have to call a script on your server that echo's the API request to the real server.

 

Rob




[topic_controls]
[/topic_controls]

Also tagged with one or more of these keywords: html, html5, security