Results 1 to 4 of 4

Thread: Best Security Approach for Sencha Touch Web Apps?

  1. #1
    Ext JS Premium Member
    Join Date
    Dec 2010
    Posts
    32

    Default Best Security Approach for Sencha Touch Web Apps?

    Hello STers,

    What is the best approach for designing security into a Sencha Touch web application?

    Anyone have a White Paper/Architecture Diagram-Discussion/Suggested Approach to share (or, know where such things can be found)?

    For example, if a publicly-accessible ST Web App intends to capture, store and provide users with reports on their transactions--what is the best/preferred/recommended way to affect end-to-end security for the transactions? E.g., does ST support encryption?

    Your suggestions are welcomed and appreciated.

    Best,
    Plane Wryter

  2. #2
    Sencha Premium Member
    Join Date
    May 2011
    Posts
    66

    Default

    Obviously, you'll want to use SSL/TLS to protect data going across the wire. As far as protecting data stored in LocalStorage, WebSql, etc., encryption seems a logical choice. Since browsers don't have a built-in way to do this, JavaScript devs are stuck rolling their own.

    There is no encryption API in ST as far as I can tell, but there are JavaScript encryption libraries on the web--just Google. And of course you'll want your JS to be obfuscated to make it harder to crack your encryption. In addition to minifying, I suggest also hex-encoding string / numeric values in your JavaScript to hide your encryption key and other values from prying eyes.

    This has been my approach, and of course it is far from bullet proof, but it seems better than not securing locally stored data at all. I'd be interested in hearing others' approaches as well.

  3. #3
    Ext JS Premium Member
    Join Date
    Dec 2010
    Posts
    32

    Default Thanks!

    Thanks, bdvr, for the comments.

    Can you suggest a authoritative source for a "How to Write Your First SSL/TLS App" resource?

    Many thanks!

    Plane Wrtyer

  4. #4
    Sencha Premium Member
    Join Date
    May 2011
    Posts
    66

    Default

    SSL/TLS is more of a deployment concern. As long as your web app uses relative paths, you should be good to go and your web app shouldn't care whether it is being served over http or https. You'll have to read up on whatever web server you're using (Apache, IIS, or whatever) for the specifics of enabling https in that environment.

Similar Threads

  1. Replies: 10
    Last Post: 20 Jan 2012, 10:10 AM
  2. Making Sencha Touch apps offline
    By KPChow in forum Sencha Touch 1.x: Discussion
    Replies: 4
    Last Post: 10 Jun 2011, 1:47 AM
  3. Sencha Touch web apps - on the desktop
    By Frank R in forum Sencha Touch 1.x: Discussion
    Replies: 1
    Last Post: 29 Jul 2010, 7:33 AM
  4. Dashboard app best approach with Sencha Touch
    By gwthompson in forum Sencha Touch 1.x: Discussion
    Replies: 1
    Last Post: 13 Jul 2010, 1:57 PM
  5. Making money out fo Sencha touch apps
    By isit.gd in forum Sencha Touch 1.x: Discussion
    Replies: 4
    Last Post: 21 Jun 2010, 5:43 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •