0 application migration is
complete, developers must verify that information that is sent to users is properly
sanitized and that no private information is being leaked. As with any new technology,
Web 2.0-style applications are not inherently more or less secure; developers merely
need to understand how the change to a Web 2.0-style application changes how their
application interacts with users.
IV Thick Clients
8 ActiveX Security
198 Hacking Exposed Web 2.0
The ActiveX technology was introduced by Microsoft in the 1990s to allow developers
to do more with their web applications. ActiveX is often used when a rich set of
functionality is required on a Windows machine, such as patch installation
(Windows Update), multimedia (Flash/WMP/QT), and document viewing (Acrobat).
ActiveX control components are downloaded to the user's browser and/or operating
system and integrate with a web application. Traditional web applications (Web 1.0)
might require Win32 clients on the operating system (OS) for an ideal user experience;
however, Web 2.0 trends involve clients running in the browser rather than the OS.