Category: Security

Web App Security- It’s For More Than Just Your App

Web apps built with the traditional tools (HTML, JavaScript, CSS, etc.) are nothing more than a series of text files and thus not very secure. Once a hacker gets into a server, they can steal your code or modify it. One big advantage web apps built with Xojo have is that Xojo compiles your app to machine code so there’s no code on your server to steal. Additionally, the overwhelming majority of hackers have no experience with machine code, so modifying your app to do something nefarious can be extraordinarily difficult.

Private/Public Key Interoperability

If you do any work with private/public key cryptography, the addition of the Crypto library last year finally made it possible to create and verify digital signatures as well as encrypt and decrypt data. Using keys with other systems requires a little more work to convert them to and from the PEM format.

Too Much Security Is Never Enough

This week we have seen another example of why you can’t be too paranoid about Internet security.

Code Spaces, a company that specializes in SVN hosting (hosting your source code so your team can access it), announced that their servers were hacked big time. Apparently, the perpetrator began with a denial-of-service attack, then gained access to Code Spaces’ Amazon EC2 account. He or she then contacted Code Spaces via email in an attempt to extort a large fee to stop the attack. When the folks at Code Spaces attempted to take back control of their Amazon EC2 account, the hacker deleted all of their data, including backups and off-site backups. Unable to recover, Code Spaces has made the decision to shut down completely. The cost of the attack is just too great to continue.

Xojo Apps and Heartbleed

As you may be aware, the “Heartbleed” bug in OpenSSL has made the rounds across the internet. As soon as it was disclosed this week, we began an investigation to see where we were impacted. Xojo.com services were updated and our SSL certificate was quickly reissued. Xojo Cloud servers were also rapidly updated. This does mean that (like many sites) we were potentially vulnerable for a time until the patch was released.

Xojo Cloud and Heartbleed

This week, a major vulnerability, referred to as “Heartbleed,” was discovered in OpenSSL. Bruce Schneier, who blogs about Internet security, called it “catastrophic” and said, “on the scale of 1 to 10, this is an 11.” Heartbleed has left just about anyone with a server scrambling to find out whether their version of OpenSSL is affected and then taking measures to update OpenSSL and make sure everything is working again.
