Thread: Best ST Security Guide or Practices?

  1. #1
    Ext JS Premium Member
    Join Date
    Dec 2010
    Posts
    32

    Best ST Security Guide or Practices?

    Fellow STers,

    Based on your experience, what is the best published guide regarding designing and developing secure Sencha Touch applications?

    • Or, does anyone have "Good, or Best" Practices they'd share?


    Like many on this Forum, I'm working on an ST-centric app (with a PHP backend) that has distinct security implications & needs (e.g., secure login; encrypted two-way data-exchange; encrypted data-storage; protected PHP endpoints)...seems that many of us would benefit from using well-proven security practices.

    Many thanks in advance for your assistance!

    Best regards,
    Plane Wryter

  2. #2

    Using SSL is always a good idea. You really want to use some sort of encryption scheme to prevent man-in-the-middle attacks. SSL is an easy first step, and one that many web developers will already be comfortable using.

    As far as storing sensitive info client side, I'd recommend not doing it. Keep all the secure stuff server side, and just pass SSL-encrypted JSON when necessary. Client side storage will always be insecure.

    As far as server side recommendations go (in your case the PHP scripting), you want to program defensively, and work to prevent XSS (cross-site scripting) attacks. The bulk of your security should be server side. You can obscure and minify your code, and prevent some people from figuring out how it works, but client side script by nature is insecure.

  3. #3
    Sencha User siebmanb
    Join Date
    Aug 2011
    Location
    Geneva (CH) - Grenoble (FR)
    Posts
    253

    But then how do you avoid constantly asking your user to log in? From what you say, I guess you have no choice, do you?
