Issue No. 09 - September (1998 vol. 31)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/2.708448
With no insult intended to the early Web designers, security was an afterthought. At the outset, the Web's highest goal was seamless availability. Vendors now retrofitting security must contend with the Web environment's peculiarities, which include statelessness, location irrelevance, code and user mobility, and stranger-to-stranger communication. This article presents a survey of Web-specific security issues. The focus is on security in the server and host environments, mobile code, data transport, and anonymity and privacy. The server is the central system and the repository of information resources, and is thus the locus of threats, whereas the client is largely out of sight. The authors conclude that, although the state of Web security is abysmal, the use of the Web for business will result in a more serious approach to security. They suggest that public-key technology will be the skeleton on which Web security will hang. A trust management paradigm for securing Web commerce will give way to a risk management paradigm, in proportion to the value of the transactions moving on the Web.
A. D. Rubin and D. E. Geer Jr., "A Survey of Web Security," in Computer, vol. 31, no. 9, pp. 34-41, Sept. 1998.