WebApp Sec mailing list archives

RE: The ever encroaching blur between web apps and apps


From: "Yvan Boily" <yboily () seccuris com>
Date: Tue, 31 Aug 2004 13:15:07 -0500

There is an important distinction that I think was missed even with the
distinctions you made; applications are still host-based, client-server, or
peer-to-peer.  Web applications and web based applications qualify as
client-server applications (although it can be a client-server interface to
a peer-to-peer network).  Within peer-to-peer and client-server applications
you can have stateful and stateless communications.  I think that these are
the most important distinctions when examining distributed applications.

I think that the distinction you make between an "Online" application and a
"Web App" is not necessarily accurate.  A web browser is an extensible
client which presents the interface to the HTTP server making all web
applications a subclass of Online applications rather than a separate
classification.

I would define a specific HTTP+HTML client-server application, such as a web
based mail client or online catalogue, that functions without plugins outside
of content specific renderers (PNG/SVG renderers for outdated browsers, etc.)
as a web application.

An application which provides an HTTP+HTML based interface to the
application and runs embedded applets should be considered an entirely
different animal.  These applications which provide functionality aside from
a web browser through the use of embedded applications should be treated
separately, whether these applets are written in languages such as the .NET
family, Java, or using content authoring tools such as Flash or Director.  I
would call these web-based applications.  It is also important to note that
from a security perspective the analysis of the web application component
should be completely separate from the analysis of the applet or content
rendered by an applet.

Yvan Boily 

-----Original Message-----
From: Saqib.N.Ali () seagate com [mailto:Saqib.N.Ali () seagate com] 
Sent: Tuesday, August 31, 2004 1:13 AM
To: mark () curphey com
Cc: webappsec () securityfocus com
Subject: Re: The ever encroaching blur between web apps and apps

Interesting stuff. 

However, I do not consider any app that requires more than 
the basic browser a "Web App". Even if an application is 
running as an ActiveX control or Java Applet, I don't think 
of it as a web app. It is just an application that uses the HTTP 
protocol. I think a better term is "Online Application", 
rather than calling them "Web App".

I have been writing web based Java applications since W3C 
released the first version of Jigsaw Java webserver. And I 
have tried to make them independent of any client side plug-ins.

Having said that, I do realize that some applications will 
require plug-ins to run in web browsers. Here is an interesting 
Slashdot discussion on Online Applications that run in 
browsers, but require plug-ins:
http://ask.slashdot.org/article.pl?sid=04/08/12/1948219&tid=185
Some interesting applications are listed in this discussion.

Thanks.
Saqib Ali
https://validate.sf.net   <<< Online DocBook XML -> HTML/PDF convertor

"Mark Curphey" <mark () curphey com> wrote on 08/30/2004 06:53:43 AM:

Anyone else have any other good observations on the topic?


http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnintlong/html/longhornch01.asp






