Home Comments

Security of Ice vs. HTML 5

mwilsonmwilson Member Mark WilsonOrganization: Integrated Computer Solutions, Inc.Project: TBD ✭✭✭
I've been reading about potential security problems in HTML 5, such as WebSockets, the FileAPI, and the difficulty of scanning the stuff coming into your browser for bad stuff. Is a binary protocol such as Ice inherently more secure (particularly if it is encrypted with SSL), or do some of the same issues exist?

Comments

  • xdmxdm La Coruña, SpainAdministrators, ZeroC Staff Jose Gutierrez de la ConchaOrganization: ZeroC, Inc.Project: Ice Developer ZeroC Staff
    Hi Mark,

    Can you be more specific about your security concerns?

    Regards,
    Jose
  • mwilsonmwilson Member Mark WilsonOrganization: Integrated Computer Solutions, Inc.Project: TBD ✭✭✭
    I don't have any particular concerns in anything I'm doing, just wondering how security with something like Ice compares to HTML 5.
  • xdmxdm La Coruña, SpainAdministrators, ZeroC Staff Jose Gutierrez de la ConchaOrganization: ZeroC, Inc.Project: Ice Developer ZeroC Staff
    Web Sockets are a low level protocol, an application that directly uses Web Sockets needs to handle many things, if that things are done incorrectly they can become a security issue for the application.

    Amount others if you directly use Web Sockets, you need to handle:

    Message types: Your application will need to define some way of marshal/unmarshal the data, and what messages are valid.
    Dispatch: You will need to implement some kind of dispatching to handle messages.
    Type System: Sever / Client must agree in data representation

    And these are just a few of the issues Ice protocol handle, Ice also has high level features like IceSSL and Glacier2, that simplifies application security.

    Being a binary protocol isn't inherently more secure, but being a high level protocol allow to easy create more secure applications.

    Being binary is about efficiency not about security, but Web Sockets also allow to send binary data.

    Using SSL is clearly more secure than TCP, but Web Sockets also allow SSL endpoints.

    In theory will be possible to create a port of Ice targeting Web Sockets so you can have both.
Sign In or Register to comment.