Guidelines on Securing Public Web Servers

platform (e.g., conveyed via an HTML Web page as an applet).  Java is useful for adding 

functionality to Web sites.  Many services offered by various popular Web sites require the 

user to have a Java enabled browser.  When the Web browser sees references to Java code, it 

loads the code and then processes it using the built in JVM. 

The developers of Java tried to address the problem of security and were mostly successful.  

The Java programming language and runtime environment enforces security primarily through 

strong type safety, by which a program can perform certain operations only on certain kinds of 

objects.  Java follows a so called sandbox security model, used to isolate memory and method 

access and to maintain mutually exclusive execution domains.  Java code, such as a Web 

applet, is confined to a sandbox, which is designed to prevent it from performing unauthorized 

operations, such as inspecting or changing files on a client file system and using network 

connections to circumvent file protections or user's expectations of privacy. 

Hostile applets still pose security threats, even while executing within the sandbox.  A hostile 

applet can consume or exploit system resources inappropriately, or can cause a user to perform 

an undesired or unwanted action.  Examples of hostile applets exploits include DoS, mail 

forging, invasion of privacy (e.g., exporting of identity, e mail address, and platform 

information), and installing backdoors to the system.  Because the Java security model is rather 

complex, it can be difficult for a user to understand and manage.  This situation can increase 

risk.  Moreover, many implementation bugs have also been found, enabling the user to bypass 

security mechanisms [NIST01a]. 

JavaScript

   is a general purpose, cross platform scripting language, whose code can be 

embedded within standard Web pages to create interactive documents.  The name JavaScript is 

a misnomer because the language has little relationship to Java technology and rose 

independently from it.  Within the context of the Web browser, JavaScript is extremely 

powerful, allowing prepared scripts to perform essentially the same actions as those a user 

could take.  Within that context, JavaScript lacks methods for directly accessing a client file 

system or for directly opening connections to other computers besides the host that provided 

the content source.  Moreover, the browser normally confines a script's execution to the page 

with which it was downloaded [NIST01a].   

In theory, confining a scripting language to boundaries of a Web browser should provide a 

relatively secure environment.  In practice, this has not been the case.  Many browser based 

attacks stem from the use of a scripting language in combination with a security vulnerability.  

The main sources of problems have been twofold: the prevalence of implementation flaws in 

the execution environment and the close binding of the browser to related functionality, such 

as an e mail client.  Past exploits include sending a user's URL history list to a remote site, and 

using the mail address of the user to forge e mail.  The increasing use of HTML and other 

markup languages as content for e mail and in push technology services has opened new 

avenues for exploits through embedded scripts [NIST01a]. 

Visual Basic Script (VBScript)

   is a programming language developed by Microsoft for 

creating scripts that can be embedded in Web pages for viewing with the Internet Explorer 

browser.  Netscape Navigator, however, does not support VBScript.  Like JavaScript, 

VBScript is an interpreted language able to process client side scripts.  VBScript, which is a 

subset of the widely used Microsoft Visual Basic programming language, works with 

Microsoft ActiveX controls.  The language is similar to JavaScript and poses similar risks. 

42