Xojo does not allow direct object references in this manner so it would be impossible for such a security hole to be created. Users are admonished to not share credentials and reset their credentials or request the HelpDesk to do so if they think they have been compromised. User authentication utilises hashed values over an encrypted connection. Xojo does not have authentication routines to compromise and session tokens are automatically protected from theft. Also, because the developer doesn’t work in HTML or JavaScript, there’s no way for the developer to accidentally create this security breach.īroken Authentication/Broken Access Control As a result, the user cannot inject HTML into a page. Xojo web apps can’t be used for this purpose because all data sent to the browser is automatically escaped. This takes the values to be used in a query and sends them separately to the database server so that it can determine if the values are valid or contain SQL.Īll user-initiated updates use prepared statements Xojo provides developers with prepared statement support for database access.
While a few of these issues require the developer to be more diligent, most cannot be used to hack into a web app created with Xojo. The Open Web Application Security Project (OWASP) provides information on web app security and posts a list of the top 10 web app security issues. This is, at the least, an order of magnitude far more difficult than hacking HTML, JavaScript, CSS, AJAX, and PHP or Java source code.
In order for someone to alter such a web app they would have to be very familiar with x86 assembly code and be willing to spend a lot of time tracing through that code. Xojo web apps are compiled to binary code so that source code is not stored on the server. If someone gains access to that server, they gain access to the source code. Most traditional web development languages are interpreted, meaning the web app is a set of files on a server. GoPayroll and our other products are web applications developed and supported by SmoothPay Limited using a development platform called Xojo. SmoothPay's web apps are serious about security. Because web apps are accessible to any number of online users, the security of web apps is paramount.
0 kommentar(er)
