Hack Proofing Your Web Applications

The Internet can transport more than just data. It can also transport programs designed to provide services; however, the programs need to be delivered in a special way that is simple for the end user. How do you deploy these Web-based programs in order to add dynamic content to the Internet? By using mobile code. Mobile code is code that passes across a network and is executed on a destination machine. The programs that are designed to provide services can be any one of a variety of forms, such as scripts within documents and e-mail, or code objects running within Web pages. Because of the way mobile code is written, the same piece of code can sometimes run on multiple platforms. Mobile code is excellent for distributing applications across networks or the Internet.
While the Internet allows people to access information in a way that was never before possible, it also allows for malicious actions to take place. And, as with almost any technology, there are negative sides to mobile code.
Mobile code is executable code, usually embedded in an HTML document that can be downloaded and run on an end-user s workstation. This very statement should bring about an understanding of just how easy it would be to turn a really great tool into one that can be used maliciously. E-mail is the most prevalent example of an HTML document supporting application, so factor in the threat that mobile code can also be sent within e-mail, and the...