On 2015-02-16 07:48, Florian Bösch wrote:
On Sun, Feb 15, 2015 at 10:59 PM, Jeffrey Walton <noloa...@gmail.com <mailto:noloa...@gmail.com>> wrote:For the second point, and as a security architect, I regularly reject browser-based apps that operate on medium and high value data because we can't place the security controls needed to handle the data. The browser based apps are fine for low value data. I'm not sure what "high value data" is. But I'm fairly sure that just about any e-banking solution in existence is browser based.
Unfortunately this is wrong and is why I started this thread. Mobile banking applications in Europe are usually featured as "Apps". This has multiple reasons; one is that there's no way to deal with client-side PKI and secure key storage in the mobile web.
So I'm guessing your definition of "high value data" doesn't include banking access. You work for the NSA? Oh snap, the high value data just walked out there on a USB stick.
:-) Anders
