KNS Security and Privacy

From KynetxDocs


KNS works through a browser extension that places tags on Web pages; these tags call the KRE servers. The calls return custom JavaScript that is then executed by the browser.

KRL programmers should be aware of some limitations of this model with respect to user privacy and security in order to create applications that are as protective of users as possible.


Code Leakage

Any code returned by KRE can be seen and harvested by the pages that users visit and into which KNS tags are inserted. The code is the JavaScript returned from KRE, not your KRL source, but it is related to your application and could be reverse engineered.

Data Leakage

Any data in a datasource or dataset statement in KRL may end up in the browser and could be harvested by the page. Any user data that ends up on the page could be harvested by malicious sites.

Mitigating Risk

Most sites are not great risks for harvesting code or data. KRL programmers choose which sites their apps will run on in the dispatch section of the ruleset. KRL programmers can mitigate most security and privacy risks by choosing only sites they trust as app hosts. This security concern is the reason that wildcard domains are not accepted in the dispatch section.
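A pre-deployment check in the spirit of the Data Leakage and Mitigating Risk sections, added here as an example and not part of Kynetx's tooling: it lists the hosts a ruleset dispatches to, flags any that are not on a trusted list, and names the datasets and datasources whose contents could reach those pages. The ruleset text, the allowlist, and the KRL syntax details it matches (`domain "..."` inside `dispatch`, `dataset`/`datasource` inside `global`) are assumptions made for illustration.

```python
import re

# Constructed sample ruleset; ids, hosts and URLs are placeholders, and the
# KRL syntax matched below is an assumption of this example.
SAMPLE_RULESET = '''
ruleset a000x0 {
  dispatch {
    domain "shop.example.com"
    domain "forum.example.net"
    domain "*.example.org"
  }
  global {
    dataset prices <- "https://data.example.com/prices.json";
    datasource profile <- "https://api.example.com/profile";
  }
}
'''

TRUSTED_HOSTS = {"shop.example.com"}  # hypothetical allowlist of trusted app hosts

def section_body(src, name):
    """Return the text inside `name { ... }`, honouring nested braces."""
    m = re.search(r'\b' + re.escape(name) + r'\s*\{', src)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1] if depth == 0 else src[m.end():]

def audit(src, trusted):
    """Report where the ruleset runs and which data could reach those pages."""
    domains = re.findall(r'\bdomain\s+"([^"]+)"', section_body(src, "dispatch"))
    data = re.findall(r'\b(?:dataset|datasource)\s+(\w+)', section_body(src, "global"))
    wildcard = [d for d in domains if "*" in d]  # not accepted in dispatch
    untrusted = [d for d in domains if "*" not in d and d.lower() not in trusted]
    return {"domains": domains, "wildcard": wildcard,
            "untrusted": untrusted, "data": data}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_RULESET, TRUSTED_HOSTS).items():
        print(f"{key}: {value}")
```

Any host reported under `untrusted` is a page that would be able to read the returned JavaScript and every item listed under `data`.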

Futures

Kynetx recognizes that further mitigating security and privacy risks, while increasing the functionality and performance of KRL, will require additional protection from these risks. Our product roadmap includes a browser extension (likely to be open sourced) that will execute the JavaScript produced from KRL inside a security sandbox similar to Greasemonkey 0.5's solution.
