UHTML and Website Security


Protected against attacks

The mixture of HTML and programming code in the same file is a common security hazard. It implies that identical code is copied across HTML files (called asp or php files). Any debugging or improvement of the code needs to include all those occurrences of identical and similar code. It needs to be done together with the designer to ensure the integrity of the design. Conversely, all changes to the design need to be confirmed by the programmer to ensure the integrity of the function.

This workflow bears a high risk of unintentional errors, as both programmer and designer will tend to skip those labour-intensive and monotonous checks. At the same time there is always an undeniable risk that one of them unintentionally changes the other's code without noticing it.

UHTML eliminates this risk by separating the work areas of programmer and designer. The programmer does not need to copy his code across the designer's sources. He implements the code exactly once, with all plausibility checks. He will implement those checks if only to protect himself from additional work caused by strange attribute values inserted inadvertently by the designer. On the other hand, should the designer mistype a UHTML tag, the tag will lose its functionality, which the designer will notice immediately.

Another risk resulting from the mixture of code and HTML is the possible delivery of code to an attacker, caused by a program error most likely provoked by that attacker. This risk cannot be rated highly enough, as through code analysis backdoors can be spied out and sophisticated attacks can be performed.

This risk is not present in UHTML as program code is strictly separated from the file containing a webpage.

Injections of unpredicted data

[Figure: Browser uHTML model]

Injections of inconsistent or unpredicted data are the most common attack on websites. In properly implemented UHTML websites, injections of alien data have no effect. It is simple for the programmer to implement a central control system to verify the integrity of all externally originated data. This makes it easy to block inconsistent data before it causes any damage. This protection against inconsistent data remains in effect through future website alterations and extensions. It makes upgrades more reliable and generally increases the stability of a website.

The common handling of error messages in UHTML sites additionally increases security. In contrast to many other technologies, error messages are by default not displayed within the webpage but written to the error log of the webserver. Spying on internal data structures and data handling by means of error messages becomes impossible. This prevents the most common way of preparing an attack on a website.
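The two ideas above, a central check on all external data and error details that go to the server log instead of the page, are sketched below as an added example in Python. It is not uHTML code; the rule table, the handler and all names are hypothetical, and an in-memory buffer stands in for the webserver error log.

```python
import io
import logging
import re

# Constructed whitelist: every external parameter must be declared here.
RULES = {
    "page": re.compile(r"[a-z0-9_-]{1,32}"),
    "id": re.compile(r"[0-9]{1,9}"),
}

log_buffer = io.StringIO()  # stands in for the webserver error log
logger = logging.getLogger("site_errors")
logger.addHandler(logging.StreamHandler(log_buffer))
logger.setLevel(logging.ERROR)
logger.propagate = False


def validate(params):
    """Central check: reject undeclared names and values that do not fully match."""
    clean = {}
    for name, value in params.items():
        rule = RULES.get(name)
        if rule is None or not isinstance(value, str) or not rule.fullmatch(value):
            raise ValueError(f"rejected parameter {name!r}")
        clean[name] = value
    return clean


def show_article(params):
    """Hypothetical handler with a latent bug: it assumes 'id' exists and is known."""
    articles = {"1": "Welcome"}
    return articles[params["id"]]


def handle(params, handler=show_article):
    """Single entry point: validate first, never show internals to the client."""
    try:
        return 200, handler(validate(params))
    except ValueError as exc:
        logger.error("invalid input: %s", exc)
        return 400, "Bad request"
    except Exception:
        logger.exception("handler failed")  # traceback goes to the log only
        return 500, "Internal error"
```

Because every handler is reached only through `handle`, handlers added later inherit the same checks and the same error behaviour.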

Program error messages in UHTML versus php

[Figures: Error messages uHTML model; Error messages php model]

2008 All Rights Reserved Amina Mendez & Roland Okello