speaker details
Joonas Lehtinen
Joonas Lehtinen is one of the core developers of Vaadin, a Java-based framework for building business-oriented Rich Internet Applications (RIAs). Joonas has been developing applications for the web since 1995 with a strong focus on Ajax and Java. He is the founder and CEO of Vaadin Ltd.
lecture
RIA Security - Broken By Design
Rich Internet Applications (RIA) provide desktop-like usability with a web deployment model. The benefits of this combination are obvious, and RIA is now a common choice for the presentation layer in many applications. Unfortunately, moving logic from the server to an untrusted client may open up security holes that would not be present in the page-oriented "Web 1.0" architecture. In this presentation we will take a look at client- and server-side RIA architectures from the security angle, identify some of the most common security problems and discuss strategies for avoiding them. We'll go through an example application implemented in both architectures and demonstrate the problems. Java-based RIA frameworks, Google Web Toolkit and Vaadin, are used in the examples, but the demonstrated principles are applicable to most other frameworks and languages as well.