TomSoft

Mobile Ajax and security

  Does security will raise some complex issue for Ajax based app?

 One of the benefits of Ajax is that the “application” does not reside on the client, but is downloaded each time you access to the server eventually with some caching mechanisms. This mean that transparently the application can evolve, include new features, etc…

 One of the well know weakness of browser based app, is the fact that these application can not access to local resources of the device, like Bluetooth, address book, GPS, etc…

 One of the possible (and probable) evolutions will be to provide some specific API to these applications to access to local resources. Fine, but this raises more the security problem: would you give an unlimited right to any browser app to access to your private data? Of course no, but then, how to manage this: by providing a certificate per session? But disabling access to this device?

  For downloaded app, the solution as been solved by putting a certificate mechanism. This provides some advantage, as only the “trusted” application can be downloaded. The disadvantage is that it’s very costly, in
terms of money, time . But in all cases, this can not be applied directly to Ajax based app…

  I have no clue on how this will be solved, I am just worried to this issue has not been addressed by promoters of the “full Ajax” solutions for mobile…

Technorati Tags: mobile ajax, mobileajax, ajax, javame, flashlite

Technorati Tags: mobile ajax, mobileajax, ajax, javame, flashlite

2 comments April 17th, 2006