Web site security programming

This 'web site security programming' article is supplied by Web Site Security, where you can find more information about web site security programming.

Web Site Security Considerations - An Understanding



An unfortunate fact is that there are numerous ways in which website security can be breached. Security hazards exist that impinge on Web servers and LANs (local area networks) where Websites reside, even by the regular use of a Web browser.

Web Masters face the flak when coping with the major threats. As soon as a Web server is installed at a site, a window is established in the local area network through which anyone who's on the Internet can peep. Naturally, as a rule web site visitors look at only what they're supposed to look at, but a few endeavor to uncover areas of the site that aren't intended to be observable by the general public. Nefarious visitors want to do other than just look; they endeavor to unbolt the window and slip through it. The harm intruders may inflict might be sheer vandalism, such as replacing the web site's home page with one of their own which could say or display absolutely anything at all, or else it could be burglary, such as gaining possession of a customers or sales list.

It's hard to escape the likelihood that complicated software contains bugs. No matter how meticulously it is tested, there is typically a particular combination of events or user actions, even if it may come about once in a blue moon, that brings about a failure. Software bugs create flaws in system security. A Web server is intricate software which may very likely include a security hole.

It's not only the intricacy of a Web server that may create a problem, but also its open architecture. Consider a CGI script as an illustration. A CGI script may be processed at the server in response to a remote call from a client. It might be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there will be a chance of a security violation.

Network Administrators also have to face problems from Web servers owing to the risk they pose to the security of the local area network. Whereas there must be no unauthorized incursions, right of entry must be given to web site visitors. This means that access to the network must be controlled. The Administrator therefore must perform a delicate balancing act. Even the most sturdy firewall may be compromised if the Web server is configured poorly. Concomitant with this constraint, normal use of the web site can be not possible if the firewall is configured badly. Reaching an ideal solution is even more tricky if an intranet forms part of the system. Normally, the Web server then has to be configured to recognize and authenticate domains and user groups, which are apt to have varying permission levels and access rights.

Tip: For help on a specific side of web site security, something like "web site security programming", search for the complete expression on the Web.

Most of the people using a browser to surf the Web think that they really are doing it namelessly and safely. This is not the case. Web browsers can process autonomous programs on the client machine that are located on a website. Modern browsers show a notice and request permission to run such programs. Identified generally as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, may easily deposit a virus or other hazardous software on the browser user's PC. When it's in the system it can cause all kinds of havoc and may be very tough to remove.

This is also a worry for Network Administrators. Web browsers supply a path for potentially malicious software to filter through the local area network's firewall. After it is in the network, the harm it is able to inflict can vary from secretly gaining possession of sensitive information to motiveless destruction.

Aside from the concerns surrounding active content, just surfing the Net records a trail of the user's activities in the browser's history. This may be utilized by websites and installed software programs to establish an accurate report of the user's behaviour and preferences. Although this might be considered an invasion of privacy by some, it can be beneficial by showing germane content right away, so exonerating the user of the task of searching for it.

Secrecy is a subject that concerns not just browser users but also Web Masters and Network Administrators during the actual transmission of information by means of the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Net. When it was created, security wasn't the most crucial factor of its blueprint. Both network and Internet transmissions should therefore not be thought of as as essentially private. When the browser on a local machine downloads a sensitive document from the remote Web server, or the browser user fills in a form with private information and clicks the 'Submit' button, the transmitted information can be intercepted without consent.

To find out more about 'web site security programming', visit website-security.biz.