Web applications are great. We all love web apps! Location independence, no worries about backups, short development cycles meaning we get new features fast; it’s all goodness and light. But there are some security and privacy concerns. Here are two great examples. First, what if a malicious employee at an otherwise benevolent company decides to steal some of my data in violation of their privacy policy? Oops. Second, I’ve heard that in some cases the bar for the government to get at your personal data is lower if it lives on a server somewhere (just a subpoena is needed), than if it lives on your personal computer (a search warrant is needed). Oops.
So what if web apps using fancy AJAX techniques delivered the application code (html, javascript, style sheets, etc.) from their servers but the data lived on a server you controlled?
- it could actually be your home machine, if you were concerned about the subpoena/search warrant thing, assuming you were willing to run a server there (using dynamic dns, or a static ip address if you have one)
- there could be encryption of the data, so it doesn’t matter that it lives on a server
I’m sure there’s no way it could work.
Ok, maybe if you used this: http://www.fourmilab.ch/javascrypt/.
And perhaps this might come in handy: http://webdavclient.mozdev.org/.
But still, anyone would be nuts to try this.