[OWASP-Ireland] Secure application development in Mobile apps
john at strongpoint.ie
Mon Jul 25 09:36:42 EDT 2005
I'd suggest that a major risk from a fat client is a badly-implemented
official version of the client, as opposed to some hacked one, as the
article discusses. There's nothing inherently wrong with using a fat
client, as long as all communication goes via some secure channel. But,
a development error could break that principle.
With a thin client (ideally pure, basic html) you have the browser's
pretty well accepted security available. This generic security
implementation is most likely better than any custom implementation.
Granted some custom code might also be needed, but the less of it (and
the more isolated) the better!
More information about the Owasp-ireland