Windows Store apps for Absolute Beginners with JavaScript

Part 3: Understanding the Execution Environment

Download this episode

Download Video

Download captions

Download Captions

Description

Before we dive too deeply into the lab instructions, we'll take a moment and understand more about how your HTML5, CSS3, and JavaScript are used to create Windows Store apps, how they execute, and the different execution contexts—Internet Explorer versus WWAHosts.exe, what the differences are between the two, and much more.

Embed

Format

Available formats for this video:

Actual format may change based on video formats available and browser capability.

    The Discussion

    • Rafaya

      Do you use the VMware?Why not use the Hyper v?

       

    • BobTabor

      @Rafaya: If I told you, I would have to kill you.  Wink  Seriously.  I have a "non standard setup" for the purpose of recording videos.  I would use Hyper-V in most situations.

    • mrpaulb

      Hi Bob,

      Maybe this question will be answered anyway in a later episode.

      Having seen that the HTML/CSS/JS app run under a host exe, simular to a browser access to local html/css/js files, I'm guessing that customers of our apps will be able browse through our code if they know where to look on their file systems. (Just like they could if hosted on a web server and downloaded.)

      Is there any protection from this built-in (i.e. separate from web techniques like obfuscation / minify the js).

      Kind regards

      Paul

       

       

       

    • BobTabor

      @mrpaulb: I don't know the entire answer to this question.  In my mind, this is what I would be thinking:

      (1) Check this out ... seems more definititive than any other discussion:

       http://social.msdn.microsoft.com/Forums/en-US/winappswithhtml5/thread/c367ec15-13e9-4f61-82f6-33e05a12e490

      (2) Architecture ... Assuming I had a lot of proprietary details I didn't want shared with the world, I would strongly consider using the cloud as the back end for my app and keep those proprietary details hidden from prying eyes.  This is not a simple approach and is frought with many perils.  I would be assuming my app is "always connected" to the internet, I would post operations to a queue, and have worker processes pluck the bits off and process them.  The next time the app connected, the processed data would be available to the app.  Many apps don't need this -- only apps that have something to hide.

      This comes from Bob, not Microsoft: I get the impression we've not heard the last on this matter and there will be other options / solutions in the future.

      Wish I had a better answer for you.  Hope that helps!

    • mrpaulb

      Hi Bob,

      Separately I've been looking at service bus features of azure and i agree is a good approach as would be using web api in mvc and making the client code relatively simple, having the brains of the app server based and therefore hidden from view.

      For my question I was thinking about a simple app where content has some value for example a travel app with data for offline use (i.e. to have the data when your somewhere remote on the road).  Probably not many uses where this is a major issue.

      I'll download a couple of free apps of this type and see what I can find, learn. 

      I previously year or two ago looked at an iOS travel app for a leading travel book company and the core of their app was a sqlite db in the clear !

      The source code they used to access and present the data was of course compiled. Obviously anybody so inclined can read and copy from using the app even if the files are protected, I'm only looking at how to make it slightly less easy.

      For reading your link obfuscation (code) (or using C# / C++) and encryption (data) are the way to do this.

      Thanks for having a look around for some info.

      Paul

    Comments closed

    Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.