On Mon, Aug 9, 2010 at 16:25, Fabrice A. Marie <[email protected]> wrote:
> But when I read the long list of new web feature (websocket,etc..etc..)
> I can't help but smile:
> java platform (with or without CORBA) was promising the same 15 years
> ago! And they delivered even then. But nobody ever really used it:
>

Oh yeah, I wasn't implying the features in themselves are revolutionary of course. Technically you could do pretty much anything with Java applets indeed... oh that was also true of ActiveX ;o)

Definitely these technologies were in advance on their times conceptually (yeah even ActiveX was in advance though it was a horribly broken implementation of the NativeClient concept ;-) ), they were each broken in their own way _at that time_ :
- too slow to be usable on most computers (Java)
- mono-platform and broken-by-design safety-wise (ActiveX)
- not available "out-of-box" (Java)
- clunky user experience with regards to sandboxing (both)
- technology 'islands', awkward foreign interface and DOM integration (both)

I agree things could have played differently if MS had supported Java, however I believe the main reason for the failure is that at that time the web was just simply not seen as an application platform but just a document platform; probably partly because at the time web developers were not really developers (used to call them "HTML integrators" right?) due to the immature tech (basic HTML, basic Javascript).

Simply because HTTP was never meant as a communication protocol.
> - It has no session (session cookie are hacks, that happen to work, when
> implemented properly)
> - it has no state (you can call page2 before page1 if you want, it's up
> to the app to enforce)
>

Indeed HTTP is not perfect, but it works, session cookies are hacks but it works quite well in practice, the statelessness of HTTP is actually a good thing as it allows much easier scalability and reliability than having to maintain thousands of connections simultaneously, which is one of the reasons for the success of the web as a platform during its inception (no need to invest in huge servers).

Incremental evolution is leading us to WebSockets now, which finally solves cleanly the long-lived connection/session problem (no need for hacks like comet etc anymore) expressively for long-lived full-duplex communication channels.

I think incremental evolution is the main reason why all these new web-based standards will succeed in the end, they are not revolutionary in any way, they take the existing and improve it step by step while maintaining backward compatibility and keeping an interface that everyone is used to : the browser.

> It just wasn't designed to implement applications. The source of 99% of
> the flaws is "input validation" or parameter
> validation if you prefer. Most developers forget that an attacker can
> modify the complete request to just input anything,
>

Completely agree with this. It's so sad that a lot of popular web server frameworks implement validation/escaping-when-the-developer-explicitly-require-it-on-each-input instead of validation/escaping-all-the-time-except-if-developer-opt-out-very-explicitly-for-one-particular-input.

Regards,
_______________________________________________
LUGS Mailing list - [email protected]
List FAQ: http://wiki.lugs.org.sg/LugsMailingListFaq
Info page: http://www.lugs.org.sg/mailman/listinfo/slugnet
To unsubscribe send an empty email to: [email protected]
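
The two framework models contrasted at the end of the message above, shown side by side as an added example that is not part of the original e-mail. The function names, the `Trusted` wrapper, the template and the sample values are all hypothetical and constructed for illustration; escaping here covers the HTML body context only.

```python
import html


class Trusted(str):
    """Explicit, greppable opt-out: markup the developer vouches for.

    Hypothetical wrapper; the only way to bypass escaping below.
    """


def render_opt_in(template, **values):
    """Escape-on-request model: every value is inserted verbatim unless
    the caller remembered to escape that particular input beforehand."""
    return template.format(**values)


def render_default_safe(template, **values):
    """Escape-by-default model: every value is HTML-escaped unless it was
    wrapped in Trusted for that one particular input."""
    safe = {
        name: value if isinstance(value, Trusted)
        else html.escape(str(value), quote=True)
        for name, value in values.items()
    }
    return template.format(**safe)


# Constructed sample data: the template is written by the developer,
# author and comment stand for request parameters a client fully controls.
TEMPLATE = "<p>{author} wrote: {comment}</p>{footer}"
SAMPLE = {"author": "mallory", "comment": "<script>alert(1)</script>"}


def demo():
    """Render the same untrusted input under both models."""
    footer = Trusted("<hr>")  # the single, visible opt-out
    forgot = render_opt_in(TEMPLATE, footer=footer, **SAMPLE)
    default = render_default_safe(TEMPLATE, footer=footer, **SAMPLE)
    return forgot, default


if __name__ == "__main__":
    for line in demo():
        print(line)
```

With the first model a single forgotten call leaves the markup live in the page; with the second, the only unescaped value is the one wrapped in `Trusted`, which a code review can search for.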
