WebApp Sec mailing list archives
RE: The ever encroaching blur between web apps and apps
From: Saqib.N.Ali () seagate com
Date: Tue, 31 Aug 2004 13:36:53 -0700
There is an important distinction that I think was missed even with the distinctions you made; applications are still host-based, client-server,
or
peer-to-peer. Web applications and web based applications qualify as client-server applications (although it can be a client-server interface
to
a peer-to-peer network). Within peer-to-peer and client-server
applications
you can have stateful and stateless communications. I think that these
are
the most important distinctions when examining distributed applications.
no arguments here :) But this a very broad topic and can get very confusing. e.g. Client-side validation using JAvascript for an application that does everything else on the server. Can this be considered a server based app?
I think that the distinction you make between an "Online" application
and a
"Web App" is not necessarily accurate. A web browser is an extensible client which presents the interface to the HTTP server making all web applications a subclass of Online applications rather than a separate classification.
i agree that all web applications are a subset of "Online Applications". All I m saying that if a Online Application requires more than a web browser, it should not be called a "Web App"
I would define a specific HTTP+HTML client server application, such as a
web
based mail client or online catalogue to function without plugins
outside of
content specific renderers (PNG/SVG renderers for outdated browsers,
etc) is
a web application.
so hotmail and gmail are web apps. i agree.
An application which provides an HTTP+HTML based interface to the application and runs embedded applets should be considered an entirely different animal. These applications which provide functionality aside
from
a web browser through the use of embedded applications should be treated separately; wether these applets are written in languages such as the
.NET
family, Java, or using content authoring tools such as flash or
director. I
would call these web-based applications. It is also important to note
that this is where i disagree. An application that is merely launched by a web browser, but is completely independent in all other aspects (i.e. uses its own protocol, port, etc) can NOT be called a Web Based App.
from a security perspective the analysis of the web application
component
should be completely separate from the analysis of the applet or content rendered by an applet.
i agree Thanks. Saqib Ali https://validate.sf.net <<< Online DocBook XML -> HTML/PDF convertor
Current thread:
- The ever encroaching blur between web apps and apps Mark Curphey (Aug 30)
- Re: The ever encroaching blur between web apps and apps Saqib . N . Ali (Aug 31)
- Re: The ever encroaching blur between web apps and apps Ben Poweski (Sep 01)
- RE: The ever encroaching blur between web apps and apps Yvan Boily (Sep 01)
- <Possible follow-ups>
- RE: The ever encroaching blur between web apps and apps Steve Lord (Aug 31)
- Re: The ever encroaching blur between web apps and apps Jeff Williams (Sep 02)
- Re: The ever encroaching blur between web apps and apps Rush Molekilla (Sep 05)
- Re: The ever encroaching blur between web apps and apps Jeff Williams (Sep 02)
- RE: The ever encroaching blur between web apps and apps Saqib . N . Ali (Aug 31)
- RE: The ever encroaching blur between web apps and apps Rishi Pande (Sep 01)
- Re: The ever encroaching blur between web apps and apps Saqib . N . Ali (Aug 31)