----- Original Message -----
From: Conan Saunders <[EMAIL PROTECTED]>
Date: Tuesday, March 23, 2004 3:17 pm
Subject: web application vs. web site was Re: Securing CF Apps.
> There are two separate issues here, let's not mix them:
>
> 1) What is a web "application" vs. what is a web "site"
> 2) Once you've settled on your definitions for the above two, you
> can have
> your security discussion without arguments in which both people
> are "right"
> because they are talking about two different things.
>
> The first topic is just semantics, as Kwang said, and it's clear
> not
> everybody is using the same definitions. If you want to talk about
> the
> first, why don't you break that discussion out into this
> separately titled
> thread?
>
> Here are my thoughts about web "applications" vs web "sites":
>
> 1) "Web site" refers to all sites, whether public or private
> (intranet), in
> which a user can use a normal browser to resolve a DNS name and
> load some
> HTML pages, is a web site. Some web sites are static, some are
> dynamic.
> Some include powerful search engines, transactional e-commerce,
> and other
> stuff. These are all web sites.
>
> 2) To me, a "web application" is a subset of "web site" that has
> interactive, dynamic functionality, even for anonymous users. If
> the user
> can do more than just request static pages, then the site is a web
> application. Requests and responses for a web application take
> place across
> the web or an intranet, and they take place within a normal
> browser. All
> the normal browser interface pieces are available (single-click a
> link to
> navigate, ability to bookmark, ability to type in a URL, hit the
> back
> button, right click and open a page in a new window, etc.)
>
> 3) I would then define a third category that covers what Tim was
> talking
> about: private, closed systems that attempt to mimic regular
> desktop
> software applications as closely as possible but just so happen to
> operate
> over HTTP and output to HTML. The developer may try to lock down
> the user
> experience as much as possible, utilizing fixed entry points and
> fixed
> navigation UI and attempting to shut down or hide normal browser
> functionality like URL entry, "back" and "refresh" buttons, etc.
>
> The disagreement seems to be that some people define "web
> application" as
> #2, while others define it as #3. I think calling only #3 a "web
> application" and not #2 is a mistake. Amazon, google, imdb, any
> run-of-the-mill e-commerce site... to me, these are all
> applications, and
> URLs are just part of the application interface. With web
> services, and as
> tag-based software development creeps out of the browser and into
> the OS
> itself, the line is only going to get blurrier. I think you'll be
> better
> off in the long run if you don't limit your definition of "web
> application"
> to #3.
>
> Conan
>
>
> At 03:37 PM 3/23/2004, you wrote:
> >Like you said Tim, some people have a hard time distinguishing
> between an
> >application and a site.
> >
> >-adam
> >
> > > -----Original Message-----
> > > From: Kwang Suh [EMAIL PROTECTED]
> > > Sent: Tuesday, March 23, 2004 09:16 PM
> > > To: 'CF-Talk'
> > > Subject: RE: Securing CF Apps.
> > >
> > > > There are different controls that you would use for different
> > > > purposes.Obviously an ecommerce SITE (which is what Amazon is)
> > > > needs users to be able
> > > > to return to a specific product.
> > >
> > > Pure semantics. I'm sure those guys at Amazon would beg to
> differ with
> > you.
> > >
> > > > Web services security is very different from either public
> site or
> > > > application security. You're comparing apples and oranges.
> > >
> > > Hardly. Web services are an internet-based resource that may
> or may
> > not be protected.
>
>
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
