The Security of the Empty Client Model: In contract with AJAX - Page 2
The benefits of AJAX are undisputed, in particular the techniques that empowered the Web 2.0 experience. AJAX, however, has not achieved a penetration rate that is even close to that of the enterprises. In fact, only 1% of newly built enterprise web applications utilize major AJAX infrastructures
The Empty Client presents a paradigm shift that entirely clears-up the security issues of traditional AJAX clients due to the fact that nothing except for UI commands and one static kernel is downloaded to the client. Therefore it is impossible to hack into or manipulate to get access into the server via the client.
This means that:
- No sensitive/hidden data is sent to the client. Neither the infrastructure nor the developers can perform security violations by sending sensitive data to client machines.
- The server exclusively handles interaction with data and other services.
- The client is responsible to render UI and send events to the server; in any case it can never control the server's behavior.
- Each client request is validated by the single layer server code which constitutes a single point access control center.
Traditional AJAX performs direct calls to the server from multiple controls independently. This means that each control can communicate with a server component directly, multiplying the chance to find a vulnerable behavior in client – server communication and increasing the difficulty to protect the channel. Furthermore, in most of the cases web-services are open at the server end since traditional AJAX perform most of its UI-logics on the client and retrieves only data from the server, making it even more difficult to fully protect all of those exposed ends.
The Empty Client model has a single communication channel; all of the communication is performed through this single, highly protectable router mechanism which by-protocol will not allow false requests to go through and activate no-permission event handlers to occur.
Understanding Empty Client Security:
Without delving into details, the security of the Empty Client model should be quite obvious from the introduction. The only issue that needs further clarification is a key claim which was specified above, regarding the fact that the client cannot change the server behavior whatsoever. The following flow, which describes a typical Empty Client application, explains why this key-claim is true:
Flow Step 1: The first time the client approaches the server it downloads a small amount of kernel code which is constructed of:
- XSLT – responsible for the UI layout including the HTML rendering of the entire set of controls.
- CSS – responsible for UI styling
The kernel is sent in a compressed mode and weights about 200kb. Furthermore, it is cached on the client and on the server statically and will never change from this point on.
Security aspects: no code generation at runtime, the kernel is well known and
Flow Step 2: The client renders the basic HTML to the screen and from that point on it acts like a smart AJAX client which consumes a UI service from the server only.
Security aspects: only UI essential data is sent to the client, no applicative or sensitive data.