Web Client Security

Forum to discuss the Web client version of Servoy.

Web Client Security

Postby Westy » Wed Aug 10, 2011 5:56 pm

In Servoy 3.5 through 5.2 Web Client with http, what is the level of security after a user has logged into a solution? Is the data encrypted between the user and the server? Is there a way for an outsider to eavesdrop on data transmitted between the user and the server?

Dean
Westy
 
Posts: 852
Joined: Fri Feb 13, 2004 5:27 am
Location: Lynnfield, Massachusetts USA

Re: Web Client Security

Postby pbakker » Thu Aug 11, 2011 8:59 am

In any scenario where HTTP is used (in general, not just related to Servoy), it is technically possible for someone to intercept the HTTP network traffic and inspect its contents.

When you enable HTTPS, all the network traffic between the HTTP client (browser) and HTTP server gets encrypted, meaning that the person intercepting the network traffic will only see garbled messages.

In the case of the Servoy Web Client it is no different. The extra thing the Servoy Web Client has that makes it more secure is that all the business logic is executed on the Server and in the browser only the UI is rendered in HTML & CSS. So, except for the HTML and CSS nothing is transferred between the client and server. Of course, the HTML includes the rendered data and/or user input.

So, to be 100% safe, it's best to run the Web Client under HTTPS. See http://wiki.servoy.com/display/DOCS/Net ... d+settings for more info on how to set this up.

Paul
pbakker
 
Posts: 2822
Joined: Wed Oct 01, 2003 8:12 pm
Location: Amsterdam, the Netherlands


Return to Servoy Web Client

Who is online

Users browsing this forum: No registered users and 4 guests

cron