Security of Ice vs. HTML 5

I've been reading about potential security problems in HTML 5, such as WebSockets, the FileAPI, and the difficulty of scanning the stuff coming into your browser for bad stuff. Is a binary protocol such as Ice inherently more secure (particularly if it is encrypted with SSL), or do some of the same issues exist?

Comments

  • xdm
    La Coruña, Spain
    Hi Mark,

    Can you be more specific about your security concerns?

    Regards,
    Jose
  • I don't have any particular concerns in anything I'm doing, just wondering how security with something like Ice compares to HTML 5.
  • xdm
    La Coruña, Spain
    Web Sockets are a low-level protocol; an application that directly uses Web Sockets needs to handle many things, and if those things are done incorrectly they can become a security issue for the application.

    Among others, if you directly use Web Sockets, you need to handle:

    Message types: Your application will need to define some way to marshal/unmarshal the data, and what messages are valid.
    Dispatch: You will need to implement some kind of dispatching to handle messages.
    Type System: Server / Client must agree on data representation.

    And these are just a few of the issues the Ice protocol handles; Ice also has high-level features like IceSSL and Glacier2 that simplify application security.

    Being a binary protocol isn't inherently more secure, but being a high-level protocol makes it easier to create more secure applications.

    Being binary is about efficiency, not about security, but Web Sockets also allow sending binary data.

    Using SSL is clearly more secure than TCP, but Web Sockets also allow SSL endpoints.

    In theory it would be possible to create a port of Ice targeting Web Sockets so you can have both.
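
An added example, not part of the original thread and not Ice or ZeroC code: what the three items listed in the reply above (message types, dispatch, type system) look like when an application handles raw WebSocket text frames itself. The message names, fields and size limits are hypothetical.

```javascript
// Added example. Message names, fields and limits are hypothetical.
const MAX_FRAME_CHARS = 4096;
const reject = (error) => ({ ok: false, error });
const isShortString = (v) => typeof v === "string" && v.length > 0 && v.length <= 256;

// Type system: every message type declares its fields and a validator for each.
const SCHEMAS = new Map([
  ["chat.join", { room: isShortString }],
  ["chat.post", { room: isShortString, text: isShortString }],
]);

// Dispatch: a Map lookup, so a type such as "constructor" or "__proto__"
// can never resolve to an inherited object property.
const HANDLERS = new Map([
  ["chat.join", (m) => `joined ${m.room}`],
  ["chat.post", (m) => `posted to ${m.room}`],
]);

// Message types: unmarshal one frame and refuse anything not declared above.
function handleFrame(frame) {
  if (typeof frame !== "string") return reject("binary frame not accepted");
  if (frame.length > MAX_FRAME_CHARS) return reject("frame too large");
  let msg;
  try {
    msg = JSON.parse(frame);
  } catch {
    return reject("malformed JSON");
  }
  if (msg === null || typeof msg !== "object" || Array.isArray(msg)) {
    return reject("not an object");
  }
  const schema = SCHEMAS.get(msg.type);
  if (schema === undefined) return reject("unknown message type");
  const fields = Object.keys(schema);
  // Exactly the declared fields plus "type": no extras, none missing.
  if (Object.keys(msg).length !== fields.length + 1) {
    return reject("unexpected or missing field");
  }
  for (const f of fields) {
    const present = Object.prototype.hasOwnProperty.call(msg, f);
    if (!present || !schema[f](msg[f])) return reject(`invalid field: ${f}`);
  }
  return { ok: true, result: HANDLERS.get(msg.type)(msg) };
}

// Constructed sample frames, as a WebSocket "message" event would deliver them.
console.log(handleFrame('{"type":"chat.join","room":"lobby"}'));
console.log(handleFrame('{"type":"constructor"}'));
```

Every check in `handleFrame` is something the application owns when it speaks raw WebSockets; the reply's point is that a higher-level protocol takes over this layer.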