Linked by snydeq on Tue 16th Aug 2011 16:46 UTC
Web 2.0 InfoWorld's Peter Wayner discusses the 11 hard truths Web developers must accept in making the most of HTML5 -- especially those who are looking to leverage HTML5 in hopes of unseating native apps. 'The truth is, despite its powerful capabilities, HTML5 isn't the solution for every problem. Its additional features are compelling and will help make Web apps formidable competitors for native apps, but security issues, limitations of local data storage, synchronization challenges, and politics should have us all scaling back our expectations for the spec.'
Thread beginning with comment 485392
Insecurity through inobscurity?
by FunkyELF on Tue 16th Aug 2011 21:15 UTC

They're basically saying HTML5 is insecure because JavaScript is plaintext.

This has to do with the program design and not the choice of HTML for the implementation.

They use Facebook and GPS location as an example.
In the end, you're relying on the phone to tell the truth. This is true whether it goes through a JavaScript layer or is programmed natively. These things can be spoofed at a hardware, OS or driver layer upstream or the communications layers downstream.

If these locations need to be relied upon, you need to control the entire stack beginning with tamper-proof hardware strapped to someone's ankle. Things which you cannot control, say cellular communications, need to be encrypted and the locations need to be signed.
And even then, you need to make sure that the person's foot is still attached ;-)

Reply Score: 4
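
The comment's point about signed locations can be shown from the server's side. This is an added example, not part of the original comment: a receiver that accepts a location fix only if it carries a valid MAC from a known device, answers the server's current challenge, and is fresh. The device name, key, nonce format, 30-second window and the use of HMAC-SHA256 with a shared key are all assumptions; the check only proves that the key holder produced the report, so it is worth no more than the hardware protecting that key.

```python
import hashlib
import hmac
import json

# Constructed sample data: a per-device key assumed to be provisioned inside
# tamper-resistant hardware and known to the server. Not a real key.
DEVICE_KEYS = {"tracker-01": b"constructed-demo-key-not-for-production"}
MAX_AGE_SECONDS = 30  # assumed freshness window


def canonical(report):
    """Serialize the signed fields deterministically."""
    fields = {k: report[k] for k in ("device", "lat", "lon", "ts", "nonce")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_report(key, report):
    """What the trusted hardware would do: MAC the fix with its key."""
    tag = hmac.new(key, canonical(report), hashlib.sha256).hexdigest()
    return dict(report, mac=tag)


def verify_report(report, expected_nonce, now):
    """Server side: return (accepted, reason) for one location report."""
    key = DEVICE_KEYS.get(report.get("device"))
    if key is None:
        return False, "unknown device"
    try:
        expected = hmac.new(key, canonical(report), hashlib.sha256).hexdigest()
    except KeyError:
        return False, "missing field"
    if not hmac.compare_digest(expected, str(report.get("mac", ""))):
        return False, "bad signature"
    if report["nonce"] != expected_nonce:
        return False, "replayed or unsolicited report"
    if abs(now - report["ts"]) > MAX_AGE_SECONDS:
        return False, "stale fix"
    return True, "ok"


if __name__ == "__main__":
    key = DEVICE_KEYS["tracker-01"]
    fix = {"device": "tracker-01", "lat": 40.7128, "lon": -74.006,
           "ts": 1313529300, "nonce": "n-8841"}
    signed = sign_report(key, fix)
    print(verify_report(signed, "n-8841", now=1313529310))
    # A value edited in the JavaScript layer or in transit fails the check.
    print(verify_report(dict(signed, lat=51.5074), "n-8841", now=1313529310))
    # The same signed fix sent again for a later challenge is rejected.
    print(verify_report(signed, "n-9002", now=1313529310))
```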