With the spread of networks, especially broadband networks, the prospects for the network-based B/S (browser/server) application model are very bright: over a network, a B/S system is convenient to manage and maintain, simple for users, and cross-platform. However, because all data transfers in the B/S model must pass over public networks, information security is very important. Without a good solution to this problem, a B/S system cannot really be put to commercial use.
In general, the information security of a B/S system has two main aspects (this article does not discuss security issues unrelated to the network): the security of data transmission and the confirmation of user identity. User identity is very important in a B/S system, because the system provides personalized services and different permissions based on it, so confirming the user's identity to prevent impersonation and illegal attacks is a very important part of maintaining data security. At present, the mature solution for network-based identity authentication is the electronic certificate, which is equivalent to a person's ID card on the network and uniquely identifies its owner. A B/S system can establish its own independent certificate system or use a public CA service; both have advantages and disadvantages, and the choice depends on the specific application system.
The security of data transmission mainly means protecting data while it is transmitted over the network, to prevent malicious theft and modification. The currently recognized data protection measure is data encryption. This technology already has many mature protocols and applications, such as SSL and VPN. SSL is a security protocol based on the socket interface. The mainstream browsers all support it, so it can be combined with the B/S model. However, because the SSL implementations built into browsers are subject to export restrictions in some countries (such as the United States), their security strength and choice of algorithms are not very flexible; on the other hand, because of the scope of what the SSL protocol protects, it may also be too cumbersome for a dedicated B/S system. A VPN is a virtual private network; it is technically sophisticated, but the cost is also very high, and it is mainly used for the security of the network itself. It is a feasible technology for a B/S system, but its applicability is not very good. A dedicated B/S system can protect its data by defining its own simple and effective security protocol based on recognized algorithms, which is also very effective for improving the performance and ease of use of the system.
Of course, a truly secure B/S system is not built simply by adding the techniques above. Security must be treated as an important factor from the system design phase, so that every part of the system reflects it. Only when the concept of information security is integrated into the system as a whole does it truly become a secure B/S system. For example, in the system design, whenever a user enters a functional module, the system must verify the user's certificate to determine whether to provide the service and which permissions to grant.
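The per-module check described above, as an added Python example (not code from the original article). It assumes the TLS layer has already verified the client certificate chain and passes the certificate on in the dict layout of `ssl.SSLSocket.getpeercert()`; `MODULE_ACL`, `SAMPLE_CERT` and the function names are constructed for illustration.

```python
import ssl
import time

# Constructed policy: module -> {certificate commonName -> granted actions}.
MODULE_ACL = {
    "orders": {"alice": {"read", "write"}, "bob": {"read"}},
    "reports": {"alice": {"read"}},
}

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),), (("commonName", "alice"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
}

def common_name(cert):
    """Return the subject commonName, or None if the certificate has none."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def permissions_for(cert, module, now=None):
    """Actions the certificate holder may perform in `module` (empty = deny)."""
    if not cert:  # None: no certificate presented; {}: not validated by TLS
        return frozenset()
    now = time.time() if now is None else now
    try:
        valid_from = ssl.cert_time_to_seconds(cert["notBefore"])
        valid_to = ssl.cert_time_to_seconds(cert["notAfter"])
    except (KeyError, ValueError):
        return frozenset()  # missing or malformed validity period
    if not valid_from <= now <= valid_to:
        return frozenset()  # expired or not yet valid at this module entry
    # Unknown modules and unknown identities fall through to "no permissions".
    return frozenset(MODULE_ACL.get(module, {}).get(common_name(cert), ()))

def enter_module(cert, module, action, now=None):
    """Gate to call on every module entry; True only if `action` is granted."""
    return action in permissions_for(cert, module, now)

if __name__ == "__main__":
    when = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
    print(enter_module(SAMPLE_CERT, "orders", "write", when))
    print(enter_module(SAMPLE_CERT, "reports", "write", when))
```

Because the validity period is re-checked on every call, a certificate that expires during a long session loses access at the next module entry rather than at the next login.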
The above security analysis of the B/S system is only a very immature idea; mainly, I hope everyone can discuss it and make progress together.