Mobile Ajax and security

April 17th, 2006

  Does security will raise some complex issue for Ajax based app?

 One of the benefits of Ajax is that the “application” does not reside on the client, but is downloaded each time you access to the server eventually with some caching mechanisms. This mean that transparently the application can evolve, include new features, etc…

 One of the well know weakness of browser based app, is the fact that these application can not access to local resources of the device, like Bluetooth, address book, GPS, etc…

 One of the possible (and probable) evolutions will be to provide some specific API to these applications to access to local resources. Fine, but this raises more the security problem: would you give an unlimited right to any browser app to access to your private data? Of course no, but then, how to manage this: by providing a certificate per session? But disabling access to this device?

  For downloaded app, the solution as been solved by putting a certificate mechanism. This provides some advantage, as only the “trusted” application can be downloaded. The disadvantage is that it’s very costly, in
terms of money, time . But in all cases, this can not be applied directly to Ajax based app…

  I have no clue on how this will be solved, I am just worried to this issue has not been addressed by promoters of the “full Ajax” solutions for mobile…

Technorati Tags: , , , ,

Technorati Tags: , , , ,

Entry Filed under: FlashLite, JavaME, MobileAjax, MobileWidgets, Wireless

2 Comments Add your own

  • 1. C. Enrique Ortiz  |  April 17th, 2006 at 6:21 pm

    Agreed.

    I recently wrote about this on my last response to Ajit’s Mobile Ajax… there I wrote “do I now need to sign my browser app as well?”…

    You got it, this opens a whole new can of worms - or same can of worms, but now for browser-based apps.

    Enrique

  • 2. Scott Penberthy  |  May 28th, 2006 at 3:05 pm

    Mobile widgets are a great idea! I started down this path last spring at a little company I called “Bling Software.” Its a tongue-in-cheek name for software that adds “bling” or fun accessories to your phone.

    The URL has a cheeky demo, a hello world version of our software running on a phone. We have little Konfabulator-style widgets running on CDMA phones, and will have a GSM version shortly. Its a lot of fun. A small carrier has become our first licensee, and several brands are kicking the tires.

Leave a Comment

Required

Required, hidden

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Trackback this post  |  Subscribe to the comments via RSS Feed

Calendar

August 2008
M T W T F S S
« Jul    
 123
45678910
11121314151617
18192021222324
25262728293031

Archives

  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007

    • Most Recent Posts

    Most Recent Comments