JavaScript EditorJavascript debugger     Javascript examples

Team LiB
Previous Section Next Section

The Importance of Security

Security should be one of the first concerns a Web developer thinks about when designing and implementing an application. In many ways, designing an application without considering security is the same as designing an application without security. It is much harder to add security to an application after the fact than it is to do so up front.

Of course, there are different levels and types of security. The type and level you need for your application will vary depending on what your application does, the type and value of data (if any) that you store, the amount of risk you are comfortable with, and the amount of time, effort, and money you are willing to expend to have a secure application. The security needs of a personal home page, for example, are very different from those of a corporate intranet site or a retail e commerce site. Table 6-1 describes the kinds of threats that are out there and the consequences of being underprepared for them.

Table 6-1: Security Threats

Type of Threat

Primary Target


Web server compromise


Substituting incorrect or misleading information for valid information

Unauthorized access to internal networks

Installation of Trojan or Distributed Denial of Service (DDoS) code

All Web sites

This threat might be embarrassing for an individual, but can be costly to a corporation, not only in terms of repairing damages, but also in the cost to the company’s reputation of having its site defaced or, worse yet, having inaccurate or misleading information posted. Compromised systems can also be used to mount DDoS attacks on other systems—a potential source of liability.

Denial of service

Higher-profile sites

A denial-of-service attack can prevent users from accessing your site by flooding it with illegitimate requests, among other techniques. These attacks can be difficult to prevent.

Data loss or compromise

Data compromised through packet sniffing

Server data compromised through user impersonation or data forgery

All sites transmitting and receiving sensitive data

Consequences of not addressing this threat include compromise of credit card or other sensitive data and illicit modification of server data.


A more complete discussion of this topic is available in Chapter 14 of William Stallings’, Cryptography and Network Security: Principles and Practice, 2d ed. (Prentice Hall, 1998).

Team LiB
Previous Section Next Section

JavaScript EditorJavascript debugger     Javascript examples