Introduction
In the current information technology world, it is very easy and fast to start a business online. The strategy is as inexpensive as ever, but it has its pitfalls. There are several technical problems, privacy and security concerns, as well as scepticism from clients. Rich Internet Applications (RIA) are applications that run in the normal browsers that customers use daily on their computers and that interact with web applications. Examples of the RIA platforms commonly encountered in web services are JavaScript (an application of the AJAX group), Java applets, Java JFX, Adobe Systems' AIR and Silverlight from Microsoft. It is very exciting and convenient to watch videos, pop-up windows and rounded buttons. Nonetheless, there is a problem with trusting these applications: they are often downloadable from websites that could be seriously compromised.
Security Holes in Programming Language Ajax
One of the crucial components of Web 2.0 applications is Ajax, which runs on JavaScript. This technology greatly revolutionized the web into a super platform. It also bred new types of worms and viruses like Spaceflash, Yamanner and Samy (Valtari 143). As a result, portals like Yahoo, Google and MySpace, among others, experience new vulnerabilities. Attackers exploit these vulnerabilities for phishing, cross-site scripting (XSS), or cross-site request forgery.
Essentially, Ajax does not present any inherent security weakness; rather, it is the adaptation of this technology that has transformed web applications greatly (Valtari 143). In the old days, processes like data and object serialization were a great challenge when DCOM and CORBA were the main components of the middleware tier. Ajax can make use of HTML, XML, JS Array, and JSON, among other customizable objects, carried over GET, SOAP, or POST calls, and all of this can be accomplished without invoking any middleware tier (Valtari 149). With such hi-tech integration, there is comparatively seamless data exchange between the application server and the browser.
When RIA developers do not take enough precautions to manage the portals securely, security can be compromised on the server or the browser. A number of the security holes are as follows:
- Malformed JS object serialization – JavaScript has many built-in objects and also allows the creation of user objects. An attacker can send a malicious subject embedded in the script. This can cause problems for possible readers.
- JavaScript Object Notation (JSON) Pair Injection – JSON is a lightweight data exchange format that can hold an array, vector, and hash table, among others. It is supported by languages like C++, Python and Perl. There is a risk of a malicious script being injected in the desc and link fields. When this content is injected into the DOM and executed, it falls into the XSS category. This is a risk of serializing malicious content.
- Others include JS Array Poisoning (Valtari 143); Cross-domain access and callback; Manipulated XML; Script Injection in DOM; Cross-site request forgery; One-link bomb; and Flash-based cross-domain access.
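The JSON pair injection risk described above can be shown from the defender's side. The following is an added example, not code from the cited sources: the feed, the shop.example URL and all function names are constructed assumptions. It parses a response with JSON.parse instead of eval, and compares a rendering that concatenates desc and link into markup with one that validates the link scheme and encodes both fields.

```javascript
// Added example: rendering untrusted JSON fields (desc, link) safely.
// The feed below is constructed sample data, not taken from a real service.
const sampleResponse = JSON.stringify({
  items: [
    { desc: "Weekly offers", link: "https://shop.example/offers" },
    { desc: "<script>alert(1)</script>", link: "javascript:alert(1)" }
  ]
});

// Parse with JSON.parse, never eval(): eval would execute any code that
// an attacker managed to place inside the serialized object.
function parseFeed(text) {
  const data = JSON.parse(text);
  if (!data || !Array.isArray(data.items)) throw new Error("unexpected feed shape");
  return data.items;
}

// Weak pattern: field values are concatenated straight into markup.
function renderUnsafe(item) {
  return '<a href="' + item.link + '">' + item.desc + "</a>";
}

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Allow only http(s) URLs; anything else (javascript:, data:, junk) becomes "#".
function safeHref(value) {
  try {
    const url = new URL(String(value));
    return url.protocol === "http:" || url.protocol === "https:" ? url.href : "#";
  } catch (err) {
    return "#";
  }
}

// Hardened pattern: validate the link scheme, then encode both fields.
function renderSafe(item) {
  return '<a href="' + escapeHtml(safeHref(item.link)) + '">' + escapeHtml(item.desc) + "</a>";
}

for (const item of parseFeed(sampleResponse)) {
  console.log("unsafe:", renderUnsafe(item));
  console.log("safe:  ", renderSafe(item));
}
```

In browser code, assigning the description to textContent and setting href only after the same scheme check gives the same result without building markup strings.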
Advantages and Disadvantages of Ajax vs. Web 1.0
AJAX has existed for some time now, and it has its advantages and demerits. Two important things are often misunderstood when addressing the efficiency of Ajax. First, it provides asynchronous communication, which allows users to fetch and send data asynchronously (Valtari 143). Second, DOM manipulation allows users to experience Flash-like effects in browsers, such as being able to zoom a photo, have floating windows, and swap text in boxes.
The effects of Ajax allow the creation of very good applications, but they can make things very difficult for users. Users whose browsers do not support the application cannot access it as they did before Web 2.0. The following important things are worth noting:
- The server-side application, which receives input from the user, processes it, updates the internal system, and then provides a result to the user.
- The data, which entails the input data and the output logical information.
- A user interface that allows consumers to see data as it is processed.
Looking at Web 1.0, the second and third parts were clumped together. Web 2.0 divides them and also divides the data. The benefit is that the browser downloads a smaller engine that takes care of what happens on the page and asynchronously collects the information required from the server (Valtari 149). Applications use data encapsulation methods like JSON or XML. With this, it is possible to serve pure data and therefore avoid the formatting clutter which jammed data in Web 1.0. Reduced redundancy is a nice effect, since there is no need to download the whole layout again on each refresh. This also allows non-human interaction between web services and the consumer.
Technologies That Hide and Protect Data
There are a number of software products and technologies currently on the market for protecting users from malicious access to or use of private information.
Hide Folder provides security on computers by hiding private folders. This helps to keep confidential information from other users, who will not access the folders even accidentally (Crawford 2).
Encryption software like SafeHouse Explorer provides security for hard drives and memory ports. This software provides total privacy and protection for all sensitive folders and files, using passwords and advanced encryption that are transparent to how users work. It is also compatible with other Windows applications (Crawford 2).
Folder Lock offers both encryption and locking services for files. Folders can be protected by passwords, encrypted, and locked, and the program can also protect USB drives and lock CDs/DVDs. The program is compatible with Windows XP, Vista, and Windows 7.0.
Universal Shield 4.5 is an ultimate safety technology for hiding files, folders, and drives. It also allows discrimination of access by setting rules with flexible security combinations for the most private data (Crawford 2).
Lock Folder XP allows users to lock files, folders, and drives with passwords. This protects consumers from worms, Trojans, and viruses, and guarantees that no one accidentally or intentionally accesses a person's information, such as health or financial documents.
Improving E-Commerce/RIA Security
There are a number of issues that need resolving in e-commerce, such as privacy problems, security threats and reliability concerns.
One of the main attempts to address this is the development of the W3C's Platform for Privacy Preferences (P3P) project (Cranor 62). This application allows websites to express privacy checks in a standard, XML-based format which can be interpreted automatically by user agents like a web browser. The objective is to flag discrepancies between the site's practices and the user's preferences. Even though it is difficult to predict how widely the P3P specification will be adopted by e-commerce sites, it is exciting to note that Microsoft's new Internet Explorer V6.0 is P3P enabled (Benner para. 6).
Numerous private privacy firms are coming up. iPrivacy is one of them, and it guaranteed that not even its personnel or the firm itself would know who used the services (Benner para. 6). The software is downloaded, and to use it, the consumer generates a fictitious identity for one time only. When shopping, the user then has a choice of collecting the goods from a local post office, in which case only the zip code is correct, or having the goods delivered by a firm to the decoded address label.
There is a new technology for selling aggregated buyer data to businesses while keeping the individual identifying information private (Cranor 62). Lumeria is one such firm, and it provides royalties to consumers who participate. Users download software that encrypts their profile and stores it on Lumeria's servers. They then use the Lumeria proxy server, which protects their identity from marketers while allowing marketing material matching the profile to be sent (Cranor 69).
Security Concerns on Media Sites – Facebook
All social sites carry a potential risk of being misused by intruders for malicious benefit. Facebook is currently the largest social network, and it has constantly lured its users into making more personal information public (Dhillon & Trevort 35). The company believes that by doing this, it will be able to offer better services to its clients and to the marketers and developers who want to access them. However, many users and privacy groups have protested against this, some have even initiated lawsuits, and the controversy is increasing (Ackerman et al., 168). With its photo identification database, and with the use of related research, there is a possibility that malicious users can identify a face in a crowd and access the person's personal and confidential information (Dhillon & Trevort 35). Such developments mean that one should worry not just about what companies like Google, LinkedIn, or any other media can do with the information, but also about what others can do.
Studies have shown that Facebook's public profile information, paired with off-the-shelf facial recognition, can be used to match Facebook users with their pictures on other anonymous sites (Dhillon & Trevort 37). There is also a possibility of matching photos from these sites to Facebook profiles. Based on such research, there is a possibility that people can guess social security numbers and PINs (Ackerman et al., 169). From there, one can simply click for a credit report about an individual, and some private information is leaked.
Conclusion
The issues of identity theft and privacy continue to escalate. Many people use online services for shopping and socializing but do not realize the potential consequences of these interactions. It is therefore pertinent to take precautions at all times with anything that requires personal information.
Works Cited
Ackerman, Mark S., Trevor Darrell, and Daniel J. Weitzner. Privacy in Context. Human-Computer Interaction, 2002, 16 (2-4): 167-176.
Benner, Johannes. ‘MS Gets Privacy-Happy With New IE’. Wired News. 2001. Web.
Cranor, Lorrie F. Web Privacy with P3P. Cambridge: O’Reilly & Associates. 2002. Print.
Crawford, Christopher. Commercial Online Software Distribution systems and methods Using Encryption for Security, Patents, 2009.
Dhillon, Gurpreet S., and Trevort T. Moores. Internet Privacy: Interpreting Key Issues. Information Resources Management Journal, 2001, 14 (4): 33-37.
Valtari, Annika. Web 2.0 User Experience: Social Media and Ajax Technology, Communications and Automation. 2009.