Wrappers - a mechanism to support state-based authorisation in Web applications
نویسندگان
چکیده
The premises of this paper are 1) security is application dependent because application semantics directly influence proper protection; but 2) applications are generally too complex to be trusted to implement security as specified by the given security policy. These problems are aggravated if the application operates over time and space. This paper proposes the use of a simple program (a “wrapper”) that has enough knowledge about a specific application’s potential states and the actions that are permissible in each state. Using this knowledge, it is able to filter requests that should not reach an application at a given point.
منابع مشابه
Data Extraction using Content-Based Handles
In this paper, we present an approach and a visual tool, called HWrap (Handle Based Wrapper), for creating web wrappers to extract data records from web pages. In our approach, we mainly rely on the visible page content to identify data regions on a web page. In our extraction algorithm, we inspired by the way a human user scans the page content for specific data. In particular, we use text fea...
متن کاملA density based clustering approach to distinguish between web robot and human requests to a web server
Today world's dependence on the Internet and the emerging of Web 2.0 applications is significantly increasing the requirement of web robots crawling the sites to support services and technologies. Regardless of the advantages of robots, they may occupy the bandwidth and reduce the performance of web servers. Despite a variety of researches, there is no accurate method for classifying huge data ...
متن کاملOn the design, implementation and application of an authorisation architecture for web services
This paper proposes an authorisation architecture for web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorisation of web services as well as the support for the management of authorisation information. The paper then describes the implementation aspects of the architecture. The architecture has be...
متن کاملConstructing XML-Speaking Wrappers for WEB Applications: Towards an Interoperating WEB
In this paper, we discuss an architecture for integrating WWW applications that offer information and services in the same domain. At the center of this architecture exists a mediator, whose responsibilities are to interact with the user and to effectively exchange information with the underlying applications in order to accomplish the user’s task. The integration and interoperation of the exis...
متن کاملSecurity evaluation of the OAuth 2.0 framework
The interoperability of cloud data between web applications and mobile devices has vastly improved over recent years. The popularity of social media, smartphones and cloud based web services have contributed to the level of integration that can be achieved between applications. This paper investigates the potential security issues of OAuth, an authorisation framework for granting third party ap...
متن کامل