I would like to seek advice on whether an Ionic PWA is as safe as server-side coding.
Will a user be able to hijack Ionic PWA code / functions?
Is it safe to perform secure transactions like logging in with different privileges, manipulating data, or placing orders using an Ionic PWA?
I would really appreciate open discussion / advice.
Welcome to SO!
Realize that Ionic framework and PWA are only for Client side.
As with any client-side code, an attacker can inspect it however they like and mess with it on their machine, reverse engineer it, etc. But that would mainly give them control of their locally installed app.
You are free to implement any Server technology and configuration as Backend for your Ionic PWA Client app.
That is where (almost) all security features belong.
Once you have proper security in your backend, any Client side code will do, as long as you also implement security features to prevent e.g. XSS, communication interception, etc. In this regard, you can implement them just the same whether Ionic and/or PWA or not.
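An added example (not part of the original answer) of what "security belongs in the backend" means for the login, privilege and order cases in the question: the server derives identity, role and price from its own state and ignores whatever the client-side app sends for them. All names (`login`, `placeOrder`, `setPrice`) and the sample data are hypothetical, and password checking is assumed to have happened already.

```javascript
const { randomBytes } = require('crypto');

// Constructed sample data; a real backend would keep these in a database.
const USERS = new Map([['alice', { role: 'customer' }], ['bob', { role: 'admin' }]]);
const PRICES = new Map([['widget', 500], ['gadget', 1200]]); // cents
const sessions = new Map(); // session id -> username, stored only on the server

function login(username) {
  // Assumption: password verification already succeeded for this user.
  if (!USERS.has(username)) return null;
  const sid = randomBytes(32).toString('hex'); // unguessable session id
  sessions.set(sid, username);
  return sid;
}

function placeOrder(sid, body) {
  const username = sessions.get(sid);
  if (!username) return { status: 401 }; // unknown or forged session
  const unit = PRICES.get(body.item); // Map lookup: no prototype keys
  const qty = body.qty;
  if (unit === undefined || !Number.isInteger(qty) || qty < 1 || qty > 100) {
    return { status: 400 };
  }
  // body.price and body.role are never read: the client controls them.
  return { status: 201, user: username, total: unit * qty };
}

function setPrice(sid, body) {
  const username = sessions.get(sid);
  if (!username) return { status: 401 };
  // Role comes from the server-side user record, not from the request.
  if (USERS.get(username).role !== 'admin') return { status: 403 };
  if (!PRICES.has(body.item) || !Number.isInteger(body.price) || body.price < 0) {
    return { status: 400 };
  }
  PRICES.set(body.item, body.price);
  return { status: 200 };
}
```

A modified client can send any `price` or `role` field it likes; the total and the authorization decision stay the same because neither is taken from the request body.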
Related
I am looking for information on how to disable/enable other apps with Ionic. Or even block the network communication of another app through a button in my Ionic app.
Is this possible with Ionic? What plugins or tools should I look for?
Thank you!
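Such privileges in general are reserved for the system (operating system), and each app, including an Ionic-Cordova hybrid, would run in a "sandbox"; app-to-app APIs are normally not common or not available/exposed.
There was an attempt to do an app2app API with Windows Phone, but it failed.
So at best you could try to leverage app-specific schemas to let the OS know you want an external app to do something. But you definitely can't control another app's behavior like you described (it was possible in the early days of Android, actually, I think).
Let's say we're starting a website from the ground up and want to also create apps.
Could you just create the website with a REST API and have it work on browser and PhoneGap? Would there be a conflict with Cordova plugins you may use?
So the design is responsive and it's all HTML, CSS and JavaScript and connects to a REST API (log in, reg, messages, db calls, etc.) for the browser website and apps.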
Let say were starting a website from the ground up and want to also create apps.
Could you just create the website with a REST API's and have it work on browser and PhoneGap? Would there be a conflict with Cordova plugins you may use?
So the design is responsive and its all HTML, CSS and Javascript and connects to a REST API (log in, reg, messages, db calls, etc) for the browser website and apps.
This way you can use the same code for everything and can still use some of the great Cordova plugins for the app to make it more flexible.
Would this work?
I posted this answer elsewhere but I think it is relevant here.
Unfortunately for your app to pass Apple App store approval it will have to provide some basic functions and display correctly without an internet connection. This means at a minimum, if you plan to generate content on a server you will probably need the Cordova plugin for network information:
https://cordova.apache.org/docs/en/latest/reference/cordova-plugin-network-information/
I would make sure you are familiar with the Apple Human Interface Guidelines:
https://developer.apple.com/ios/human-interface-guidelines/overview/design-principles/
You will probably also need to bundle any JavaScript. Apple is very picky about apps that download code (this can include JavaScript).
This is a section from the iOS developer Agreement.
3.3.2 Except as set forth in the next paragraph, an Application may not download or install executable code. Interpreted code may only be used in an Application if all scripts, code and interpreters are packaged in the Application and not downloaded. The only exceptions to the foregoing are scripts and code downloaded and run by Apple's built-in WebKit framework or JavascriptCore, provided that such scripts and code do not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store.
Another big concern is performance. How will your app handle a poor 3G or even 2G connection? Do you need to cache the responses from the API and only download them if they have changed on the server?
If a user is browsing your website in a browser, they know they need an internet connection; if they are using your app, they want it to work both online and offline.
Edit
Apple commonly uses this reason for rejection for website only apps.
We found that the experience your app provides is not sufficiently different from a web browsing experience, as it would be by incorporating native iOS functionality.
While your app content may differ from your web site or other existing sites, the experience it provides does not differ significantly from the general experience of using Safari, as required by the App Store Review Guidelines.
Aren't both necessarily the same thing? While frameworks seem to have extra features to help ease development?
A web server is a program that takes a request to your website from a user and does some processing on it. Then, it might give the request to your Rails app.
An app server is the thing that actually runs your Rails app.
See more in http://www.justinweiss.com/articles/a-web-server-vs-an-app-server/
Is it possible to integrate Worklight hybrid apps with IBM Forms?
Or is it at least possible to invoke a remote web page URL during (not startup) app usage and return to the app on completion using some page events?
Btw, I'm aware of the Forms -> Portal -> Worklight integration. But that too seems to be when the entire app is just a container for the Portal web application.
Regards.
Not sure exactly what is supposed to happen after you "invoke the remote web page", so w/out knowing this I can think of right now two approaches:
Use Cordova's InAppBrowser to open an external URL w/out exiting the application
See this training module: Integrating server-generated pages in hybrid applications (sample app)
There are a number of different ways to include/launch server side content in a Worklight app. The challenge is always communication between the Worklight app and the server side app.
Putting the server side content in an IFrame allows message passing between the server based app and the Worklight app, but IFrames work very badly on mobile platforms. You end up with all sorts of scrolling, layout and scaling headaches.
If direct communication isn't required, then there are a number of options that are fairly easy to implement. I have a blog post looking at different methods of including server side content in a Worklight app here.
I am trying to build web apps using the PhoneGap framework for iOS. I need to know whether PhoneGap loads pages from a server or not. I mean, can I use a server-side scripting language like PHP, Python, etc.?
And if I use those scripting languages, can I use native phone features like the camera?
Also, for data storage there may be a feature; I heard openDatabase can be used for an online/offline database. Please, can anyone help me figure out these things?
Waiting for good answer.
Thanks
Server side scripts cannot be loaded from within the app, however you can certainly call out to PHP, Python, etc running on a server from the app using AJAX, XHR, etc.
I gave an example in the question below:
How can get value in phonegap which is returned by php class?