WebView and WebGL

Mike Hearn mike at plan99.net
Thu Sep 14 09:24:04 UTC 2017

> Is it about reusing Java knowledge, unique Java libraries, something else?

You seem to be asking "why write desktop apps" in general.

For my own projects there have been two different drivers (for different

   1. Peer to peer networks and the web don't mix well. If you want to
   write a P2P app, it's going to be a desktop app.
   2. Security

The latter is not something that's talked about much but my company is not
the only one that is motivated by security. I was talking to someone a few
days ago who works at a very large, well known software firm and he told me
they have a department that handles sensitive documents. Their admin and
control plane apps are all desktop apps (not JavaFX though) because they
want the additional security.

Why more secure? No XSS, no XSRF, no clickjacking, no injection-prone text
based protocols (if you do it right) etc. The web is a fundamentally
insecure platform because it's entirely text based, so buffer boundaries
are marked in-band instead of using length prefixes. This design choice is
so systemic the web essentially cannot be fixed.

Managed desktop apps using traditional widget toolkits, with binary
protocols between client and server (e.g. protobufs) eliminate entire
classes of vulnerabilities and the few classes that remain are easily
understood and caught via audit or code review.

More information about the openjfx-dev mailing list