How to pass objects between Web windows and how to prevent unwanted users from jumping into the middle of an application

Another challenge awaits Web developers once the Web application starts: how to pass objects between Web windows, and how to prevent unwanted users from jumping into the middle of the application?

-------------------------------------------

A Web browser drops its connection to the server each time it moves from window to window.

Given the stateless nature of an HTTP server, passing objects from one window to another becomes a problem. A Web-based application often hits the database many times for the same table to populate different screens.

Passing objects is especially difficult with "links", where the passed data (which can be confidential) becomes a long URL line visible on the screen.

EXAMPLE: ..href=myProg.pl?UserID=abcd&Password=abcd123&orderNo=N123456789&planDate=12/31/95&realDate=12/32/95&noteNumber=N1232456B&noteInfo=...

The usual way is to create many hidden input fields to pass the objects from window to window. This creates unnecessary traffic on the network.

The "storeSecure" and "restoreSecure" procedures help by saving the objects into a file on the server and passing only the file name over the network.

The procedures help to pass sensitive data in a secure manner. There are 3 points providing security:

a. All passed objects are ENCRYPTED into a single object.
b. The secure object is stored on the server side, in a directory created with special permissions.
There is no way to even look at the object from the client side.

c. After the object is restored, it is gone: the same restoration procedure, "restoreSecure", deletes the secure object.

Additional benefits?
-------------------------------------
Secure objects can also protect against a "bad guy" jumping into the middle of the application using a URL that he/she sees over a valid user's shoulder.

Each screen restores the secureObject created by the previous screen. This makes each URL unique and totally prevents anyone from jumping into the middle of the application.
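
The store/restore cycle described above, as an added Python sketch; it is not the original storeSecure/restoreSecure code, which this page does not show. The directory, key handling, JSON encoding and token format are assumptions. The Python standard library has no cipher, so the stored file is authenticated with an HMAC in place of the encryption in point a.

```python
import hashlib, hmac, json, os, re, secrets, tempfile

# Assumptions (not from the original page): store location, key handling, JSON encoding.
STORE_DIR = os.path.join(tempfile.gettempdir(), "secure_objects_demo")
KEY = secrets.token_bytes(32)       # per-process demo key; a real server keeps it outside the web root
TOKEN_RE = re.compile(r"[0-9a-f]{32}")


def store_secure(objects: dict) -> str:
    """Save all objects as one server-side file; return the only value sent to the client."""
    os.makedirs(STORE_DIR, mode=0o700, exist_ok=True)
    os.chmod(STORE_DIR, 0o700)                  # enforce even if the directory already existed
    body = json.dumps(objects, sort_keys=True).encode()
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    token = secrets.token_hex(16)               # 128-bit unguessable file name
    fd = os.open(os.path.join(STORE_DIR, token),
                 os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(tag + b"\n" + body)
    return token


def restore_secure(token: str) -> dict:
    """Return the stored objects exactly once; a replayed or forged token raises."""
    if not TOKEN_RE.fullmatch(token):           # rejects "../" and other path tricks
        raise PermissionError("malformed token")
    src = os.path.join(STORE_DIR, token)
    claimed = src + ".claimed-" + secrets.token_hex(4)
    try:
        os.rename(src, claimed)                 # atomic: only one concurrent request wins
    except FileNotFoundError:
        raise PermissionError("unknown or already used token") from None
    try:
        with open(claimed, "rb") as fh:
            tag, _, body = fh.read().partition(b"\n")
    finally:
        os.unlink(claimed)                      # the object is gone after one restore
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("stored object was modified")
    return json.loads(body)
```

Each screen would call restore_secure on the incoming token and store_secure before emitting its links, so a URL copied from the screen fails on its second use.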
------------------------------------------------

Finishing this brief review dedicated to the Internet, I ask myself:

- is the Internet really the central communication point for the public?
- what about digital TV? Is it coming? As a ruler or just a partner?
- how different is the client-server architecture for the industry that serves movie orders?

In any case, client privileges and multi-level data access must be provided if we are going to play games, study, or do business over a satellite link. What kind of solution can support it is a different story...
