If you are building an Internet application, security is a concern. Even if you are building an intranet application (one protected behind a company firewall), security should still be a concern. Security is the term we use to describe the protection of our data and systems. A secure system is a properly functioning software application that does only what it is supposed to do, without compromising the integrity of our data or exposing it to those who are not authorized to have that information.
If our systems did only what they were supposed to do, security would not be an issue. So why is security a problem? Because our software and business processes often do things that we don't want or intend them to do. Unscrupulous individuals with even limited access to your system will take advantage of any side effect of the system to gain access to potentially valuable information (customer profiles and credit card numbers), or will simply bring your system down as a test of personal skill and pride. The threat is very real, and with Web applications taking on more mission-critical roles in corporations today, the need to understand the security risks and to manage them becomes even more critical.
The alt.security newsgroup FAQ[1] summarizes the issues of security by answering the following common question:
[1] This FAQ is maintained by Alec Muffett (Alec.Muffett@uk.sun.com), with contributions from numerous others.
Q: What makes a system insecure?
A: Switching it on. The adage usually quoted runs along these lines: "The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it."
This paints a bleak picture for system architects and designers, but as in all forms of engineering, compromises need to be made, and a delicate balance of functionality and security requirements must be maintained. This balance is unique to each software project and is not something that can be dictated by a book such as this.
Instead of presenting a complete security strategy suitable for all Web applications, this chapter introduces the issues and the nature of security risks specific to Web applications. Because security is a huge topic and the subject of many texts,[2] a full discussion is beyond the scope of this book. This chapter does, however, outline the security issues and topics that every Web application architect and designer needs to be familiar with when building Web applications.
[2] Three excellent security reference books are Lincoln D. Stein, Web Security: A Step-by-Step Reference Guide (Boston, MA: Addison-Wesley, 1998); Simson Garfinkel and Gene Spafford, Web Security & Commerce (Nutshell Handbook) (Sebastopol, CA: O'Reilly, 1997); and Li Gong, Inside Java™ 2 Platform Security: Architecture, API Design, and Implementation (Boston, MA: Addison-Wesley, 1999).
One of the best sources of current information on security can be found on the Internet. The Usenet newsgroups are a valuable source of current information about security issues for both the new and the experienced. In particular, newsgroup FAQs are an excellent way to get introduced to issues facing a Web system architect. Much of the information in this chapter has come from reading these FAQs, and it is highly recommended that Web application architects and designers make a regular habit of monitoring the activity in these newsgroups.