We've been looking at Tauri as a strong candidate for a security-sensitive desktop application, but were wondering to what extent we can prevent the WebView / UI layer from making any network requests at all?
All of our data management would be handled by the Rust back-end via IPC and invoked commands.
For example, in a 'supply chain' attack scenario, where malicious JavaScript has been bundled into the frontend, is there any way we can be sure that this code cannot exfiltrate UI / forms data via WebView and nefarious WebView-based network requests?
Does CSP help?
Thoughts or suggestions much appreciated.