Here is a newbie with many questions about security


#1

I use Electron to create an application; it contains a little browser.
This browser has two ways to execute a web page:

  1. One way is “nodeintegration” (like the settings page).
  2. The other way is a normal web browser that displays the page without any require or anything.
    That means the website owner can’t execute “rm -rf /” on the client :sweat_smile:

And these two pages must be contained in one webview tag.

I wanna know how the Atom editor’s creator makes this thing perfect.
And I wanna know more about web security.

Please, if I can’t know all that, I’ll be afraid to use Electron.


#2

Umm, trying to find something perfect is, for me, a little difficult, and like all software it has strong points and weak points. I think that Electron is only a way to create cross-platform apps, but security is not only part of Electron; ur app needs to have some security too.

People always find some bug or issue in Electron; u have GitHub or here to work with people to fix that. This community is very active and I think that is something very nice.

If u want, u can see who is using Electron, and maybe that will give u some confidence.


#3

Maybe I don’t really understand what you said, but I know something…

First, maybe I don’t need to care about security in my little works. And like Node on the server side, never allow a user-submitted script to run on the server. So I need to split into different webviews to run the local settings page and the web page.

Another thing is that someone is hedging on this question, because it’s not a tech question, it’s a philosophy question, like “Who manages the master password on a server cluster?” or “If the internet broke, how would we work like now?”

One thing I learned is: be careful displaying a “Webpage” in Electron, in both the webview tag & iframe. Show the web page in a specific webview/iframe or don’t show it.

Whatever, thanks for the reply :smile:
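
As an added example (not part of the original posts, and not Electron's or Atom's own code), the split described in post #3 can be enforced from the main process with Electron's `will-attach-webview` event, so a remote page never gets `require()` whatever the `<webview>` tag asks for. `SETTINGS_URL` and `applyWebviewPolicy` are hypothetical names and the path is a constructed placeholder.

```javascript
// Added example. SETTINGS_URL is a constructed placeholder for the one
// local page that is trusted with Node.js access.
const SETTINGS_URL = 'file:///opt/myapp/settings.html';
const REMOTE_SCHEMES = new Set(['http:', 'https:']);

// Mutates webPreferences in place (the object Electron passes to the
// handler) and returns true if the <webview> may attach, false if not.
function applyWebviewPolicy(webPreferences, params) {
  // The embedding page must not pick a preload script for the guest.
  delete webPreferences.preload;

  let url;
  try {
    url = new URL(params.src);
  } catch {
    return false; // unparsable src: refuse to attach
  }
  url.hash = '';
  url.search = '';

  if (url.href === SETTINGS_URL) {
    // Trusted local settings page: the only guest that gets Node.
    // Page-level require() also needs context isolation off.
    webPreferences.nodeIntegration = true;
    webPreferences.contextIsolation = false;
    return true;
  }
  if (REMOTE_SCHEMES.has(url.protocol)) {
    // Ordinary web page: no require(), isolated and sandboxed,
    // regardless of the attributes set on the <webview> tag.
    webPreferences.nodeIntegration = false;
    webPreferences.contextIsolation = true;
    webPreferences.sandbox = true;
    return true;
  }
  return false; // any other file:, data:, etc. source is blocked
}

// Wiring in the Electron main process (shown as a comment so the
// function above can be run and tested without Electron installed):
// app.on('web-contents-created', (_event, contents) => {
//   contents.on('will-attach-webview', (event, webPreferences, params) => {
//     if (!applyWebviewPolicy(webPreferences, params)) event.preventDefault();
//   });
// });
```

The preferences are fixed when the webview attaches, so the settings webview should also refuse to navigate away from `SETTINGS_URL`, for example in a `will-navigate` handler.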


#4

I get your point, but anyway, when I wrote here about security it was because, if I have to create an app with Electron that will consume services from a server, I think most of the security will be on the server side, and this can be implemented in any language actually.

Now if u create an app that doesn’t need to communicate with a server, that is another thing; u will know that the user will work with his own data, and if he wants to hack ur app he will only have access to his own data. In my personal opinion, working with languages as common as HTML, CSS and JavaScript makes it easier to get people with some knowledge to debug ur app in this case.