The Web Security Problem
The web security problem consists of three major parts:
Securing the web server and the data that is on it. You need to be sure that the server can continue its operation, the information on the server is not modified without authorization, and the information is only distributed to those individuals to whom you want it to be distributed.
Securing information that travels between the web server and the user. You would like to assure that information the user supplies to the web server (usernames, passwords, financial information, etc.) cannot be read, modified, or destroyed by others. Many network technologies are especially susceptible to eavesdropping, because information is broadcast to every computer that is on the local area network.
Securing the user’s own computer. You would like to have a way of assuring users that information, data, or programs downloaded to their systems will not cause damage—otherwise, they will be reluctant to use the service. You would also like to have a way of assuring that information downloaded is controlled thereafter, in accordance with the user’s license agreement and/or copyright.
Along with all of these considerations, we may also have other requirements. For instance, in some cases, we have the challenges of:
Verifying the identity of the user to the server
Verifying the identity of the server to the user
Ensuring that messages get passed between client and server in a timely fashion, reliably, and without replay
Logging and ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access