Web application protection

DecSoft NeoPlugins put your VisualNeo projects into another level with +1,000 new actions for your apps.

Apache Cordova's official plugins are supported out of the box and there are hundreds of plugins ready to use.

Save time, resources and money creating apps for Android, iOS and more with the same base of code.

Take a look at our YouTube channel and subscribe to be notified about new videos!

Create modern HTML apps and games at another level making things impossible to do even by modern HTML apps and games.

Create multiplatform apps with DecSoft App Builder, including Android and iOS with the same base of code.

DecSoft NeoPlugins are available in both runtime and designtime flavours to keep your apps as small as possible.

DecSoft HTML Compiler include a convenient Command Line Compiler, so you can compile your apps from the console.

DecSoft App Builder include a convenient Command Line Compiler, so you can compile your apps from the console.

Take a look at some frequently asked questions about us and our products!

Save money by purchasing our NeoPlugins bundles. Five, Ten and even the complete NeoPlugins collection at an incredible price!

Compile, convert your modern HTML apps and games into Microsoft Windows executable programs without dependencies.

Design for small screen devices but deploy also (without changes) in larger devices like tablets.

Create apps and expand their capabilities by using the world's popular programming language: Javascript.

DecSoft HTML Compiler is easy to use: set your project's options and compile your apps and games in a nutshell.

DecSoft App Builder integrates an Open AI assistant in order to assist you while developing your apps.

Guest

Hello,
I would like to know how other members here are dealing with web application protection.
I am developing a small web application with App Builder.
I need to have a login screen where users will enter their user names and passwords.
Validation process is handled by a web service.
From App Bulder I need to set a global variable ( like a session variable).

SetVar "[MyResponse]" "[NewClient.Response]" "String"</p>
<p>If "[MyResponse]" "==" "NotGood"<br>  SetVar "[AppMessage.Text]" "Connection refused. Please check your login and password" "String"<br>Else<br>  SetVar "[App.Mysession]" "Connected" "String"

Later on the next page I need to check the App.Mysesion to make sure the user is connected.

I am not sure this is the best way with App Builder, it does not work.

Could you please suggest an elegant solution ?

Thank you for your help.

Marcel

decsoft

Hello Marcel,

Thanks for your interest in my work at App Builder. What we need to consider in the first place, is we are dealing with client side applications. Then, except in some platforms (and after obfuscate the code when possible) our app code is visible to everyone and everyone can change it with malicious intentions.

So any kind of authentication must be made in the server part, if the application requires it. For example, if your application deal with certain database, and you need to performs HTTP calls to communicate with such database, provide in the HTTP call the user name and password provided by the user.

Then the server check the user name and password and never provide information access to unauthenticated users.

Taking this in consideration, depend on the platform, and the application itself, we can try with one or another approach.

Purchase one or more licenses of our products if they are useful to you!

Samuel Vanneste

+1 for David's point of view : sessions must be managed on the server part. Even the login and password should be only sent in hash mode (so nobody, even the "man in the middle" could see the real login and the real password. This works only if the login and passwords are created from your app of course).
What you can store locally is a "some sort" token sent by the server to your app when the session is created so you could have a double check verification (for more security).
And do not hesitate to work directly with David has he suggested because David has a lot of valuable knowledge, really :)

decsoft

Hello,

Thanks Samuel! You are very kind. :)

Purchase one or more licenses of our products if they are useful to you!

Guest

Thank you David and Samuel,
I Think I did not express myself correctly. Sorry for that.
My App Builder application is connecting to a Remote web application made with GO.
So all database stuff are done on the server side.
This is my concern:
I need to have a protected area on my website, so only people you login could see that page.
If some one ask for that page I should be able to check if he is a registered user prior to let him continue.
I was under the impression that using global variable on the login page could allow me to achieve this task.
Am I wrong ?
Is App builder the right tool for that ?

Thank you so much for your prompt reply.

Marcel

decsoft

Hello Marcel,

Of course you can use certain kind of password access to an application's view, however, you can't guarantee no body take the application's code and change their behaviour in order to access such application's view. This is not an App Builder problem, but, something that occur in any HTML5 client side application.

So you can do it, Marcel, and probably someone like my mom never discover how to change the app's code, etc., and therefore never enter in the "secret app's view". However anyone who really wanted it... and put certain efforts... probably can do it, and then your "secret app's view" can be viewed.

Purchase one or more licenses of our products if they are useful to you!

Everybody can read the DecSoft support forum for learning purposes, however only DecSoft customers can post new threads. Purchase one or more licenses of some DecSoft products in order to give this and other benefits.