Hello,
I’m starting to experiment with Corona HTML5, creating and deploying websites.
My question is: Are there any security measures I should be considering?
From my (very small) knowledge, in websites the code is exposed to the user. So, developers should avoid keeping keys, passwords and IDs hardcoded in the code. For example, database passwords. Are those exposed in the HTML5 Corona builds? Are there any other security measures to take?
Thank you,
Mor
Anyone…? Rob…?
HTML5 builds create a .bin and .data file. I have no clue what’s in it. There is a JavaScript loader that starts up the emscripten engine. Any build, Windows, macOS, iOS, Android APK can be downloaded and unpacked and with enough effort by a determined enough hacker.
The HTML5 files are not in clear text. So it should be as secure as any other website. Naturally if you do any network.request() type calls, you’re going to have to manage the security of them just like any other platform but with the added benefit that JavaScript doesn’t allow cross-site scripting. So any REST API calls you make will have to call a script on your server that echo’s the API request to the real server.
Rob
Anyone…? Rob…?
HTML5 builds create a .bin and .data file. I have no clue what’s in it. There is a JavaScript loader that starts up the emscripten engine. Any build, Windows, macOS, iOS, Android APK can be downloaded and unpacked and with enough effort by a determined enough hacker.
The HTML5 files are not in clear text. So it should be as secure as any other website. Naturally if you do any network.request() type calls, you’re going to have to manage the security of them just like any other platform but with the added benefit that JavaScript doesn’t allow cross-site scripting. So any REST API calls you make will have to call a script on your server that echo’s the API request to the real server.
Rob