Published by Alayna Spafford. Modified over 9 years ago.
1
COS 461 Fall 1997
The Web and Mobile Code
• originally, the Web delivered documents
• now becoming a platform for programs
  – universal GUI interface
• today’s agenda
  – background about the Web
  – Java applets
  – ActiveX
  – the future of mobile code
2
Documents and URLs
• Web stores “documents” (files)
• URL specifies
  – which protocol to use when talking to server
    » usually HTTP
  – DNS or IP address of server
  – port number of server
  – document pathname on server
3
HTTP Protocol
• simple protocol for fetching documents
• several client request types
  – GET fetches a file
  – PUT uploads a file to server
  – POST sends a request with arguments
• also supports
  – redirect
  – keep-alive
  – proxies
4
Proxies
• machine used as intermediary for all requests from a client
• reasons
  – caching
  – security
  – anonymity
  – rewriting or filtering of content
• client speaks proxy-HTTP to proxy
• proxy speaks HTTP to server
5
Browsers and Document Types
• Web documents are marked with MIME “content types”
  – sometimes inferred from filename extension
• browser has a recipe for displaying each content type
  – some handled by browser itself
  – some handled by browser “plug-in”
  – some handled by external application
6
Forms
• supported by HTML 2.0
• commands to put various input elements on page
  – checkbox
  – typein field
  – menu
• submission triggered by an input
  – typically use “submit” button
• results sent to server in an HTTP request
7
Script Tag
• specifies a simple in-line program to run
• various scripting languages exist
  – JavaScript (=JScript) the most popular
  – VBScript
• scripts can
  – modify properties of browser or page
  – generate HTML dynamically
  – open new windows or browsers
8
Applet Tag
• loads embedded program and gives it a rectangle to run in
• can have multiple applets per page
  – inter-applet communication
• other options
  – archive file
  – serialized applet
9
Loading Applets
[Diagram labels: Web server, byte code file, source code, compiler, HTTP GET, browser, verifier, applet, Java VM, libraries]
10
Java Applets
• main class extends java.applet.Applet
  – is a GUI component
  – gets hide/expose/mouse/keyboard events
• other classes loaded on demand, from same Web server
• can call into JavaScript, and vice versa
11
Applets and Name Spaces
• each applet gets its own name space for classes
  – “built-in” classes shared by all applets
• implemented by built-in AppletClassLoader
  – one AppletClassLoader per applet
  – to resolve a class name
    » first, see if class defined already
    » next, look for built-in class with matching name
    » finally, try loading from Web server
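
The three-step lookup on this slide, as an added example that is not from the lecture and is not the real AppletClassLoader: a toy loader built on the standard java.lang.ClassLoader API. It shows that two loaders given the same bytes define two distinct classes, and that a built-in name offered by the server is resolved in step 2 before the server is consulted. Assumptions: Java 9+, compiled with javac so the Ticker class file is on the classpath; ToyAppletLoader, Ticker and the in-memory "server" map are hypothetical.

```java
import java.io.InputStream;
import java.util.Map;

public class NameSpaceDemo {
    /** Constructed stand-in for a class the applet's Web server would serve. */
    public static class Ticker { }

    /** Hypothetical loader: one instance per applet, one name space per instance. */
    static class ToyAppletLoader extends ClassLoader {
        private final Map<String, byte[]> server; // simulated Web server: name -> class bytes
        ToyAppletLoader(Map<String, byte[]> server) {
            super(null); // no automatic parent delegation; the order is spelled out below
            this.server = server;
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);              // 1. defined already?
                if (c == null) {
                    try {                                        // 2. built-in class?
                        c = ClassLoader.getPlatformClassLoader().loadClass(name);
                    } catch (ClassNotFoundException notBuiltIn) {
                        byte[] b = server.get(name);             // 3. load from the server
                        if (b == null) throw new ClassNotFoundException(name);
                        c = defineClass(name, b, 0, b.length);
                    }
                }
                if (resolve) resolveClass(c);
                return c;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String name = Ticker.class.getName();
        byte[] bytes;
        try (InputStream in = NameSpaceDemo.class
                .getResourceAsStream("/" + name.replace('.', '/') + ".class")) {
            bytes = in.readAllBytes();
        }
        // The server also offers bogus bytes under a built-in name; step 2 must win.
        Map<String, byte[]> server = Map.of(name, bytes, "java.lang.String", new byte[] {0});
        ClassLoader a = new ToyAppletLoader(server), b = new ToyAppletLoader(server);
        System.out.println("same loader, same class object: " + (a.loadClass(name) == a.loadClass(name)));
        System.out.println("two applets share Ticker: " + (a.loadClass(name) == b.loadClass(name)));
        System.out.println("built-in String shadowed: " + (a.loadClass("java.lang.String") != String.class));
    }
}
```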
12
Stopping Applets
• When do applets die?
• when user clicks to new page, applet is told about it
• applet can choose whether to die, hibernate, or keep running
  – example: ESPN score ticker
  – example: invisible cycle parasite
• can’t kill threads forcibly in Java either
13
Applet Security
• applets are untrusted, so their activities must be controlled
• default “sandbox” policy
  – no file access
  – network access to applet’s home machine only
  – no access to environment variables
  – cannot start or monitor processes
  – etc.
• built-in code is unrestricted
14
Applet Security: Enforcement
• type safety: the foundation
  – no forging of pointers
  – no illegal type casting
  – no illegal access to private/protected variables or methods
• basic elements
  – sound language type system
  – garbage collection
  – dynamic linking
15
Enforcing Type Safety
• byte-code verification
  – analyzes bytecode
  – infers types of stack and variables at each program point
  – checks for consistency
• class loading / dynamic linking
  – makes sure name->type mappings make sense
• many details to get right in the VM code
16
Building on the Foundation
• type safety means the only access to sensitive resources is through “official” Java API calls
• official API calls want to deny permission to applets
  – use SecurityManager class to make decisions
• first approach: “who called me?”
• more realistic: “how was I called?”
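
The slide does not spell out the two questions. This added example (not from the lecture, and not the SecurityManager implementation) assumes “who called me?” means checking only the immediate caller and “how was I called?” means checking every frame on the call stack, and uses the Java 9+ StackWalker API to show an applet passing the first check by going through a trusted library while the second check still sees it. FileApi, Library, Applet, the file path and the trust rule are hypothetical.

```java
public class StackCheckDemo {
    static final StackWalker W =
            StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE);

    /** Assumed policy for this sketch: only the Applet class is untrusted code. */
    static boolean trusted(Class<?> c) { return c != Applet.class; }

    /** Hypothetical "official API" guarding a sensitive resource. */
    static class FileApi {
        static boolean openByImmediateCaller(String path) {
            // Frame 0 is this method, frame 1 is its caller: inspect frame 1 only.
            return W.walk(s -> s.skip(1).findFirst()
                    .map(f -> trusted(f.getDeclaringClass())).orElse(false));
        }
        static boolean openByWholeStack(String path) {
            // Every frame below this method must belong to trusted code.
            return W.walk(s -> s.skip(1).allMatch(f -> trusted(f.getDeclaringClass())));
        }
    }

    /** Trusted built-in helper that an applet is allowed to call. */
    static class Library {
        static boolean readConfigV1() { return FileApi.openByImmediateCaller("/etc/app.conf"); }
        static boolean readConfigV2() { return FileApi.openByWholeStack("/etc/app.conf"); }
    }

    /** Untrusted code. */
    static class Applet {
        static boolean direct()       { return FileApi.openByImmediateCaller("/etc/app.conf"); }
        static boolean viaLibraryV1() { return Library.readConfigV1(); }
        static boolean viaLibraryV2() { return Library.readConfigV2(); }
    }

    public static void main(String[] args) {
        System.out.println("applet -> API, immediate-caller check allows: " + Applet.direct());
        System.out.println("applet -> library -> API, immediate-caller check allows: "
                + Applet.viaLibraryV1());
        System.out.println("applet -> library -> API, whole-stack check allows: "
                + Applet.viaLibraryV2());
        System.out.println("trusted main -> library -> API, whole-stack check allows: "
                + Library.readConfigV2());
    }
}
```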
17
ActiveX and Plug-Ins
• download executable code
• installed as an addition to the browser
• once installed, can do anything
• can be a platform for other content
• advantages: efficient, flexible
• disadvantage: risky to install
18
ActiveX/Plug-In Security
• must trust the code provider
• Netscape plug-in approach: user decides based on
  – URL
  – Netscape endorsement
• Microsoft approach: digital signing of ActiveX programs
  – “Authenticode” system
19
Code Signing
• naïve theory (Authenticode)
  – author digitally signs code
  – consumer’s browser verifies signature
  – consumer accepts code if s/he trusts author
• problems
  – signature doesn’t mean authorship
  – trust isn’t enough
20
Code Signing, Realistically
• signature implies endorsement
  – “code works as advertised, as far as I can tell”
• endorsement is limited
  – code for use in limited circumstances
  – endorser accepts limited liability
• accepting signed code is risky
  – must be trustworthy, skilled, and diligent
21
Code Signing in Java
• loosen restrictive “sandbox” security model for applets signed by trusted parties
• several proposals for how to do this
  – capabilities
  – name space management
  – extended stack inspection
• who makes decisions?
  – user: too complicated and confusing?
  – administrator: one size fits all
22
Applets as Platforms
• applets often serve as platforms for other content
• applet must define environment and execution rules
• could have even more layers
[Diagram labels: OS, applet, Java VM, browser, ???]
23
Network Computers
• small and cheap
  – no disk
  – minimal memory
  – cheap display, or use TV
• all programs delivered as applets
• Java VM and simple OS in ROM
• good: cheap, easy to administrate
• bad: inflexible
24
The Battle for Desktops
• commercial power goes to the one who controls the platform
  – many ways to leverage platform control
• currently, that’s Microsoft
• Java/NC offers an alternative platform
• many commercial and legal battles now over which platform will dominate