Does anyone know of any article/publication on the security architecture of Metro app?
For example, can the metro app call an external service. If it can,
under what condition. Will it prompt the user first? And if so will
they be able to change their restriction later and how?
Cross domain scripting in a website is usually considered a big
no-no. But if I were to turn the same code into a metro app (since
presumably they're both written in Html 5 + js), does it mean I can
make ajax calls to any server irrespective of their domain? Is it
even possible to port a website into an app? If so how easy is that?
What about accessing local file system? Or does it have to go
through the contracts to do so?
And this is kind of related but if I were to write a website (not an
app). And the site was opened using Metro IE10, can it subscribe
into the metro specific js events? I guess I'm trying to figure out
how to save cost by doing as little development as possible. I
prefer a website that can target multiple platforms and only target
specific platform for the features that absolutely require it - also
not to thrilled with the idea of having to go through microsoft in
order to publish my app.
Any help appreciated.
Metro applications can call into web services located on other machines, but their ability to interact with the local machine is severely limited.
Similarly, accessing arbitrary parts of the local filesystem is not permitted. If your application has the documents (or music or photos) library permission, it can access the files in those libraries.
Related
I was given the following to consider:
Develop desktop application using Nodeweb kit.
Also develop web application using the same code base.
Applications should look identical.
Both apps must use the same code base. The reason for this is to cut down development expenses.
If it was up to me I would not even consider using node-webkit for desktop. There are far better desktop solutions for Win platforms. For web application using Node is certanly viable.
But people who plan the project somehow think Node is a way to go for both apps.
After lots of thinking, I came to the conclusion that doing what they want will only increase dev and maintenance costs.
I consider using express (maybe even Sails.js) for web application. I made some tests where I used express on node-webkit and it run just fine.
Certanly NW is powerfull platform (popcorn). Just in my case I fail to see how can it cut down the dev expense
Am I right to be against this solution? Is this a plausible decision and I am not seeing another solution?
Any opinion is very welcome
I have actually done exactly this, and it worked very well. The trick was to write some Node Webkit code that will "detect" that it's running as a desktop application, instead of a web app, and thus integrate with desktop notifications etc.
Yes, it was more work than just writing a web app, but it was also less work (and maintenance) than developing separate applications. You get to use a lot of common code, because of the fact that you are running in a browser already, that I feel the project saved a lot of time.
In fact, I am currently working on another application that requires some desktop features (file access, notifications) but the same functionality as the web application, and I'm proposing that the development happens in Node Webkit.
The important criteria here for me is that both applications are 90% the same, the desktop just adds things you don't normally have on the web. So the core of the application is exactly the same AngularJS application, with some JavaScript injected by the Node Webkit startup page to add the required desktop behaviour.
You haven't presented reasons why you think node-webkit is not a suitable option for desktop application.
On the other hand I think client's opinion that development in node and node-webkit will be able to cut down costs is not ungrounded.
nw.js (formerly node-webkit) is basically a Chromium browser with intergrated node.js engine. So if you develop a web-application using node.js (and any of its frameworks) then you will be able to reuse it in nw.js fairly easy.
I would like to create my own tool to sort photos and videos from anywhere in the file system, sorting and changing names, and stuff like that (basically a sorting tool with custom sort parameters).
Since windows store apps are easy to distribute I think it could be a nice place to develop it.
while I have nothing against C# or VB that i guess it could be easily done with it, I would like to try the HTML/CSS/JS apps of the windows store.
I'm not looking for profit on this, since is aimed for my family.
And I don't really know what kind of access to the file system do these apps have.
I consider a store app because of the universal model, if necessary I could port it to the phones too, the other option I'm considering is just to use ironpython and make it full Desktop.
With UWP apps you don't have the full access to the system files. Of course you get one to the working folder of your app - LocalFolder. By using suitable Capabilities you can be granted an access to specified libraries like: Music, Photos, Videos and more, known as KnownFolders. Additionally you can widely access removable devices. To prevent access violation to work on files in KnownFolders you have to use a special broker, which will grant privileges to your app.
The full list of access permitions you will find at MSDN.
I am an WPF developer with little knowledge for the way "mobile" apps work but in general I believe that they work in some sort of sandbox way (meaning they should not be able to access each others process, info etc., I might be totally incorrect on this one). So I am wondering if such "limitations" are applied to the Universal Windows Platform (UWP) apps?
The reasoning for my question is that I would like to write and app that checks if another Universal App is in process and use some of its information. In WPF there are ways of doing just that but in UWP apps I am not sure if it is/should/will be possible.
Thanks.
There are a couple of solutions in Windows 10. Firstly, if you are building an enterprise app and can also side-load normal Desktop apps, you can use this technique to build your UI as a UWP but also be able to break out of the sandbox and do other things on the desktop.
Secondly, if the app you want to read from is cooperative (ie, is designed to provide information; you're not just grabbing it without permission) then you can use App to App services to send and receive information between two consenting applications.
Both links are to //build videos but you can download the slides too that should contain code samples.
My classic asp application would run on local system of users via internet browser. The code file resides in the root folder of the C: drive. But I want that the code cannot be seen by the users, and even if the file is opened then the code is not readable easily, like encrypted or encoded. I want to protect the code from being copied. Is it possible? If so, then how?
Other way is to Host application on one System and if other system is in connected in LAN they can use same site via hosted URL.
To deploy code in each system is not a good practice to secure.
I will agree with everybody else, suggesting a different design, but I will give you an answer that I think is applicable if you're dead set on what you're doing:
Write your server-side logic in Visual Basic 6 or .NET and expose as COM objects.
(A wilder idea would be to implement your own ISAPI filter, but I am not positive if the APIs allow you to intercept the loading of the source... thinking and googling around make me think that that's not possible, but not 100% sure)
I have done this with COM objects.
I want to build desktop application that will use node.js and express to "render" the gui in a browser.
Since the client will have access to my application, is there any easy method to embed everything in my exe ?
I don't like the idea of having so many folders in my application folder, this makes it easy for everyone to modify and steal the source code.
The two popular solutions for delivering web-based cross-platform applications are:
NW.js
Electron
I prefer NW.js because it has better backward compatibility, particularly on OS X. They have different feature sets, so you may want to play around with both to see which one meets your needs.