Unit 1-3b.docx
Document Details
Uploaded by StimulatingSpinel
Full Transcript
**Module 1-3. Information Technology Systems Fundamentals** OBJECTIVE 3b. Identify relationship of basic facts and state general principles of web fundamentals \- Web Services \- Web Language Types **WEB SERVICES** A Web Service is the technology or software system designed to support interope...
**Module 1-3. Information Technology Systems Fundamentals** OBJECTIVE 3b. Identify relationship of basic facts and state general principles of web fundamentals \- Web Services \- Web Language Types **WEB SERVICES** A Web Service is the technology or software system designed to support interoperable machine- to-machine interaction over a network. It represents a business or data-tier component used by web applications to receive information. Services in Service Oriented Architecture are connected using Web Services. A web application is a server based application interacting with other server based applications. Web applications and Web Services are similar in they are both applications and are web based; however applications connect with users while services interact with other services. Languages for Secure Web Service Development Each of the languages discussed in this section has its own set of sound security-related practices, but all benefit from a common set of secure coding practices that include the following: \- Do not include sensitive data in user-viewable source code (i.e., Web page code that can be displayed by the user using the view source function of his/her browser) or configuration files. \- Assemblies that support untrusted or partially trusted callers should never expose objects from assemblies that do not allow untrusted or partially trusted callers. \- Allow untrusted or partially trusted callers only after the developer has carefully reviewed the code, ascertained the security implications, and taken the necessary precautions to defend against attack. \- Disable tracing, debugging, and other diagnostic development or testing-related functions, tools, and hooks before application deployment. \- Do not issue verbose error information to the user. Markup Languages A Markup Language is a modern system for annotating a document in a way syntactically distinguishable from the text. There are three general categories of electronic markup: Presentational, Procedural and Descriptive. The most common markup languages seen on the web are HyperText Markup Language (HTML) and Extensible Markup Language (XML). **HTML** Hypertext Markup Language (HTML) is a markup language used for creating documents for web pages. It defines the structure and layout of a Web document by using a variety of tags and attributes. The JavaScript programming language resides inside HTML documents providing levels of interactivity to web pages. **XML** Content within SOAP messages is expressed in XML. Because of this, the security technologies used by Web services are based on those developed for XML. XML was designed so that it could be easily extensible and combined with itself. It should be natural to provide integrity, confidentiality and other security benefits to entire XML documents or portions of these documents in a way that does not prevent further processing by standard XML tools. In general, most of the risks posed by XML are not unique. They can appear with many other technologies and systems, new and old. Some of the risks are more severe for XML than for older systems simply because XML is more expressive, flexible and powerful. Some of the risks derive from the ways in which XML is used (e.g., for metadata) and would appear whether using XML or some other technology. **Style Sheets** A Web Style Sheet is a form of separation of presentation and content for web design. It is a set of rules that define the look and formatting of a document written in HTML or XML language. These rules determine how to display elements on a web page, including layout, colors, fonts, and more. **Client Side Scripting Languages** Client Side Scripting languages refer to the class of computer programs on the web executed client-side by the user\'s web browser instead of server-side (on the Web Server). Client Side Scripts help to move a page from static content to a dynamic environment which can change due to user interaction. Examples of Client Side Scripting languages include: AJAX, DOM, ActionScript, JavaScript and VBScript. **Server Side Scripting Languages** Server Side Scripting Languages are executed by the Web Server when the user requests a document. They produce an output in a format understandable by Web Browsers (usually HTML) and which are then sent to the user\'s computer. The user cannot see the script\'s source code and may not even be aware a script was executed. Server-side scripts require their language\'s interpreter be installed on the server and produce the same output regardless of the client\'s browser, operating system or other system details. Examples of Server Side Scripting languages include: ASP, ASP.NET, ColdFusion, JSP, Perl, PHP, Python and Ruby. **Sandboxed Languages** Sandbox Languages provide for application creation running in an independent sandbox environment. It refers to a controlled and restricted setup in which certain programs or scripts are executed. The purpose of this setup is to prevent these programs from causing damage to the system or accessing sensitive data. It\'s called a sandbox because it\'s like giving a child a safe, isolated box filled with sand to play in, where they can\'t do any harm. Examples of Sandboxed Languages are: ActiveX, Flash, Java, Shockwave, and Silverlight. **Python** Python has a unique culture and community based on its core design philosophy of readability and syntax that enables you to write concise programs. Python is an object-oriented language and is considered open source, which means it\'s free to obtain, modify, use for any purpose, and redistribute. It\'s quick to learn, which means that you get up to speed, programming, very rapidly. It\'s easy to read and understand, which makes it easy to maintain your programs over time. It\'s very powerful, with many different modules provided for lots of capabilities, and you\'ll find it used throughout many different programming domains.