WebApp Sec mailing list archives

RE: The ever encroaching blur between web apps and apps


From: "Rishi Pande" <rpande () vt edu>
Date: Tue, 31 Aug 2004 16:23:43 -0400

I think it's a very nice application. The problem that people may face in
the beginning is the blurring of lines between when you are connected and
when you are not. The change would be a beautiful mechanism for seamless
integration between desktop and online applications and useful for users who
are always connected to the net. 
The "fun" is going to be when users try to troubleshoot problems. Why is my
Word not working? Because your ISP renewed the DHCP lease and your modem is
not detecting it. 
From a security standpoint, it's all going to be in the network. An attack on
a local user's machine is going to get the attacker no personal data but it
can act as a good launch pad for an attack. This means that the central
servers will keep personal data (hashed and encrypted, of course). Good
thing, if your server is impenetrable. Bad, if someone breaks in because now
you don't only have access to one person's record but to a large chunk of
records. 
In some senses this clarifies the focus of security professionals: the gold
is in the server.
Just my $0.02
        Rishi



-----Original Message-----
From: Saqib.N.Ali () seagate com [mailto:Saqib.N.Ali () seagate com] 
Sent: Tuesday, August 31, 2004 2:13 AM
To: mark () curphey com
Cc: webappsec () securityfocus com
Subject: Re: The ever encroaching blur between web apps and apps

Interesting stuff. 

However I do not consider any app that requires more than the basic
browser a "Web App". Even if an application is running as an Active X
control or Java Applet, I don't think of it as a web app. It is just an
application that uses the HTTP protocol. I think a better term is "Online
Application", rather than calling them "Web App".

I have been writing web based Java applications since W3C released the 
first version of Jigsaw Java webserver. And I have tried to make them 
independent of any client side plug-ins.

Having said that, I do realize that some applications will require plug-ins
to run in web browsers. Here is an interesting Slashdot discussion on
Online Applications that run in browsers, but require plug-ins:
http://ask.slashdot.org/article.pl?sid=04/08/12/1948219&tid=185
Some interesting applications are listed in this discussion.

Thanks.
Saqib Ali
https://validate.sf.net   <<< Online DocBook XML  -> HTML/PDF convertor

"Mark Curphey" <mark () curphey com> wrote on 08/30/2004 06:53:43 AM:

Anyone else have any other good observations on the topic?


http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnintlong/html/longhornch01.asp





