However, in the case of migrating a web application to Web 2.0??“style
functionality, security should also be a paramount concern.
A change in an application??™s security posture during the migration process may come
as a shock to web developers if their web applications were already considered secure.
For example, many developers might not know a shift to Web 2.0??“style functionality will
affect security. Due to the nature of a Web 1.0 style web application, developers have a
clearly defined idea of what information gets sent to the user and what doesn??™t. With the
shift to a Web 2.0??“style web application, the line of what information gets sent to the user
is changed. A large part of a web application??™s functionality is now running inside the
user??™s browser, which means that the browser must be told how this functionality works.
To do this, the application usually sends a large chunk of JavaScript down to the client,
which describes all the methods the user will need to use the application. This means
that compared to a Web 1.0??“style web application, the user now knows the internals of
the application far more extensively. In theory, this should not change the security of the
application in any way.
Pages:
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344