COS 461 Fall 1997: The Web and Mobile Code


The Web and Mobile Code
- originally, the Web delivered documents
- now becoming a platform for programs
  - universal GUI interface
- today’s agenda
  - background about the Web
  - Java applets
  - ActiveX
  - the future of mobile code

Documents and URLs
- Web stores “documents” (files)
- URL specifies
  - which protocol to use when talking to server
    - usually HTTP
  - DNS or IP address of server
  - port number of server
  - document pathname on server

HTTP Protocol
- simple protocol for fetching documents
- several client request types
  - GET fetches a file
  - PUT uploads a file to server
  - POST sends a request with arguments
- also supports
  - redirect
  - keep-alive
  - proxies

Proxies
- machine used as intermediary for all requests from a client
- reasons
  - caching
  - security
  - anonymity
  - rewriting or filtering of content
- client speaks proxy-HTTP to proxy
- proxy speaks HTTP to server

Browsers and Document Types
- Web documents are marked with MIME “content types”
  - sometimes inferred from filename extension
- browser has a recipe for displaying each content type
  - some handled by browser itself
  - some handled by browser “plug-in”
  - some handled by external application

Forms
- supported by HTML 2.0
- commands to put various input elements on page
  - checkbox
  - type-in field
  - menu
- submission triggered by an input
  - typically use “submit” button
- results sent to server in an HTTP request

Script Tag
- specifies a simple in-line program to run
- various scripting languages exist
  - JavaScript (=JScript) the most popular
  - VBScript
- scripts can
  - modify properties of browser or page
  - generate HTML dynamically
  - open new windows or browsers

Applet Tag
- loads embedded program and gives it a rectangle to run in
- can have multiple applets per page
  - inter-applet communication
- other options
  - archive file
  - serialized applet

Loading Applets
[Diagram labels: Web server, byte code file, source code, compiler, HTTP GET, browser, verifier, applet, Java VM, libraries]

Java Applets
- main class extends java.applet.Applet
  - is a GUI component
  - gets hide/expose/mouse/keyboard events
- other classes loaded on demand, from same Web server
- can call into JavaScript, and vice versa

Applets and Name Spaces
- each applet gets its own name space for classes
  - “built-in” classes shared by all applets
- implemented by built-in AppletClassLoader
  - one AppletClassLoader per applet
  - to resolve a class name
    - first, see if class defined already
    - next, look for built-in class with matching name
    - finally, try loading from Web server
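
The three-step lookup above, written as a working class loader. This is an added example, not code from the lecture or from the browser's AppletClassLoader. `AppletLoader` and `Ticker` are hypothetical names, the platform class loader stands in for the "built-in" classes, and the local class path stands in for the Web server. Two loaders define two distinct `Ticker` classes, while `java.lang.String` is always the shared built-in one because step 2 runs before the server is consulted. Compile with javac and run with java, Java 9 or later.

```java
import java.io.IOException;
import java.io.InputStream;

public class NameSpaceDemo {
    public static class Ticker {}   // stand-in for a class an applet ships from its Web server

    /** One loader per applet; resolves names in the three steps listed on the slide. */
    static class AppletLoader extends ClassLoader {
        AppletLoader() { super(null); }   // no parent: the lookup order is spelled out below

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);       // 1. already defined in this name space?
                if (c == null) {
                    try {                                  // 2. built-in class, shared by all applets
                        c = ClassLoader.getPlatformClassLoader().loadClass(name);
                    } catch (ClassNotFoundException notBuiltIn) {
                        c = findClass(name);               // 3. only now ask the applet's server
                    }
                }
                if (resolve) resolveClass(c);
                return c;
            }
        }

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            // Assumption: reading the class file locally replaces the HTTP fetch.
            String path = name.replace('.', '/') + ".class";
            try (InputStream in = ClassLoader.getSystemResourceAsStream(path)) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] code = in.readAllBytes();
                return defineClass(name, code, 0, code.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String ticker = Ticker.class.getName();
        Class<?> a = new AppletLoader().loadClass(ticker);
        Class<?> b = new AppletLoader().loadClass(ticker);
        Class<?> s = new AppletLoader().loadClass("java.lang.String");
        System.out.println("applets share Ticker: " + (a == b));
        System.out.println("applets share String: " + (s == String.class));
    }
}
```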

Stopping Applets
- When do applets die?
- when user clicks to new page, applet is told about it
- applet can choose whether to die, hibernate, or keep running
  - example: ESPN score ticker
  - example: invisible cycle parasite
- can’t kill threads forcibly in Java either

Applet Security
- applets are untrusted, so their activities must be controlled
- default “sandbox” policy
  - no file access
  - network access to applet’s home machine only
  - no access to environment variables
  - cannot start or monitor processes
  - etc.
- built-in code is unrestricted

Applet Security: Enforcement
- type safety: the foundation
  - no forging of pointers
  - no illegal type casting
  - no illegal access to private/protected variables or methods
- basic elements
  - sound language type system
  - garbage collection
  - dynamic linking

Enforcing Type Safety
- byte-code verification
  - analyzes bytecode
  - infers types of stack and variables at each program point
  - checks for consistency
- class loading / dynamic linking
  - makes sure name->type mappings make sense
- many details to get right in the VM code

Building on the Foundation
- type safety means the only access to sensitive resources is through “official” Java API calls
- official API calls want to deny permission to applets
  - use SecurityManager class to make decisions
- first approach: “who called me?”
- more realistic: “how was I called?”
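
The difference between the two questions, as an added example that is not from the lecture. It uses `StackWalker` (Java 9+) in place of the SecurityManager class the slide names, and `FileApi`, `FontLibrary`, `Applet` and the fixed `TRUSTED` set are hypothetical. The caller check denies the applet's direct call but grants the same request when it is routed through trusted library code; inspecting the whole stack denies both. Compile with javac and run with java so that `main` is the bottom frame.

```java
import java.lang.StackWalker.Option;
import java.util.Set;

public class StackInspectionDemo {
    static final StackWalker STACK = StackWalker.getInstance(Option.RETAIN_CLASS_REFERENCE);

    // Assumption: trust is a fixed set of classes. A real VM derives it from where
    // the code was loaded from (built-in vs. fetched from a Web server).
    static final Set<Class<?>> TRUSTED =
            Set.of(StackInspectionDemo.class, FileApi.class, FontLibrary.class);

    /** The "official" API guarding a sensitive resource; each method is one policy. */
    static class FileApi {
        static boolean openWhoCalledMe() {
            // Looks only at the immediate caller.
            return TRUSTED.contains(STACK.getCallerClass());
        }
        static boolean openHowWasICalled() {
            // Looks at every frame: one untrusted caller anywhere denies the request.
            return STACK.walk(frames ->
                    frames.allMatch(f -> TRUSTED.contains(f.getDeclaringClass())));
        }
    }

    /** Trusted built-in code that opens files on behalf of whoever calls it. */
    static class FontLibrary {
        static boolean loadFontV1() { return FileApi.openWhoCalledMe(); }
        static boolean loadFontV2() { return FileApi.openHowWasICalled(); }
    }

    /** Untrusted code fetched from the network. */
    static class Applet {
        static boolean direct()       { return FileApi.openWhoCalledMe(); }
        static boolean viaLibraryV1() { return FontLibrary.loadFontV1(); }
        static boolean viaLibraryV2() { return FontLibrary.loadFontV2(); }
    }

    public static void main(String[] args) {
        System.out.println("applet, direct call, caller check:     " + Applet.direct());
        System.out.println("applet, via library, caller check:     " + Applet.viaLibraryV1());
        System.out.println("applet, via library, stack inspection: " + Applet.viaLibraryV2());
        System.out.println("built-in code, stack inspection:       " + FontLibrary.loadFontV2());
    }
}
```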

ActiveX and Plug-Ins
- download executable code
- installed as an addition to the browser
- once installed, can do anything
- can be a platform for other content
- advantages: efficient, flexible
- disadvantage: risky to install

ActiveX/Plug-In Security
- must trust the code provider
- Netscape plug-in approach: user decides based on
  - URL
  - Netscape endorsement
- Microsoft approach: digital signing of ActiveX programs
  - “Authenticode” system

Code Signing
- naïve theory (Authenticode)
  - author digitally signs code
  - consumer’s browser verifies signature
  - consumer accepts code if s/he trusts author
- problems
  - signature doesn’t mean authorship
  - trust isn’t enough

Code Signing, Realistically
- signature implies endorsement
  - “code works as advertised, as far as I can tell”
- endorsement is limited
  - code for use in limited circumstances
  - endorser accepts limited liability
- accepting signed code is risky
  - must be trustworthy, skilled, and diligent

Code Signing in Java
- loosen restrictive “sandbox” security model for applets signed by trusted parties
- several proposals for how to do this
  - capabilities
  - name space management
  - extended stack inspection
- who makes decisions?
  - user: too complicated and confusing?
  - administrator: one size fits all
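
A sketch of the signing slides above as a policy check, added here and not taken from the lecture, Authenticode, or any Java proposal it lists. The permission labels, key pairs and applet bytes are constructed for the example. It shows three outcomes: code signed by a party in the policy gets that party's grant, the same bytes signed by a key outside the policy stay in the sandbox even though the signature is valid (anyone can sign code they did not write), and code altered after signing falls back to the sandbox.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Map;
import java.util.Set;

public class SignedAppletPolicy {
    static final Set<String> SANDBOX = Set.of("connect-to-home-host"); // hypothetical label

    static byte[] sign(PrivateKey key, byte[] code) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(code);
        return s.sign();
    }

    /** Returns the signer's grant only if the signer is in the policy and the signature verifies. */
    static Set<String> permissionsFor(byte[] code, byte[] sig, PublicKey signer,
            Map<PublicKey, Set<String>> policy) throws GeneralSecurityException {
        Set<String> grant = policy.get(signer);
        if (grant == null) return SANDBOX;          // valid or not, nobody we trust signed it
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(signer);
        s.update(code);
        return s.verify(sig) ? grant : SANDBOX;     // altered code falls back to the sandbox
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair vendor = gen.generateKeyPair(), stranger = gen.generateKeyPair(); // constructed keys
        byte[] code = "constructed applet bytes".getBytes(StandardCharsets.UTF_8);
        byte[] patched = "constructed applet bytes!".getBytes(StandardCharsets.UTF_8);
        Map<PublicKey, Set<String>> policy = Map.of(vendor.getPublic(), Set.of("read-files"));

        byte[] vendorSig = sign(vendor.getPrivate(), code);
        byte[] strangerSig = sign(stranger.getPrivate(), code); // same bytes, second valid signature
        System.out.println("vendor-signed:   " + permissionsFor(code, vendorSig, vendor.getPublic(), policy));
        System.out.println("stranger-signed: " + permissionsFor(code, strangerSig, stranger.getPublic(), policy));
        System.out.println("patched later:   " + permissionsFor(patched, vendorSig, vendor.getPublic(), policy));
    }
}
```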

Applets as Platforms
- applets often serve as platforms for other content
- applet must define environment and execution rules
- could have even more layers
[Diagram labels: OS, applet, Java VM, browser, ???]

Network Computers
- small and cheap
  - no disk
  - minimal memory
  - cheap display, or use TV
- all programs delivered as applets
- Java VM and simple OS in ROM
- good: cheap, easy to administrate
- bad: inflexible

The Battle for Desktops
- commercial power goes to the one who controls the platform
  - many ways to leverage platform control
- currently, that’s Microsoft
- Java/NC offers an alternative platform
- many commercial and legal battles now over which platform will dominate