![]() But there are still fairly few examples of how to write secure Electron code.Įlectron devs bond at Covalence conference: We speak to those mastering the cross-platform tech behind Slack, Visual Code Studio, etc READ MORE using a preload.js script) to keep Electron’s main process and its access to the Node.js APIs isolated from Electron’s rendering process, which runs web code. Many of the recent security improvements in Electron involve new APIs (e.g. Not only is web technology notoriously difficult to secure, depending on your experience and skill level, but it becomes more so when integrated with Node.js, which has access to the local file system. But it’s not obvious how to secure applications built on the framework, and software created using early versions of Electron probably haven’t been rewritten to implement less vulnerable patterns. It’s possible to write reasonably secure Electron apps, particularly with improvements that have been added in recent releases to address the various issues identified by infosec investigators. The problem is running a local web server and not securing it ![]() It’s relatively easy for software developers to use and it’s rather difficult to secure. ![]() It’s based on the Electron framework, which allows developers to create cross-platform desktop apps using JavaScript, Node.js, and other web technologies. KensingtonWorks, which debuted in January, is an app for customizing the functions of peripherals like Kensington trackballs and mice. ![]() But he downplayed the likelihood of this scenario because it's likely a miscreant will have more success tricking people into downloading and running malware disguised as a Flash Player update than exploiting a fairly uncommon piece of software. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |