Secure Web 2.0 (& Drupal) Part 1

The term “Web 2.0”refers to evolved web techniques such as provide a better interaction between user and site.

This should be performed by the means of a CMS (Content Management System). It allows for websites based

on contents/comments paradigm.

Web 2.0 Architecture

The CMS is an infrastructural layer, offering the following advantages:

· Interface: the user choose the information (text, images, videos) to display, interacting with the website,

according to specific actions (e.g. click, sting insertion).

· Protocol: it acts like a buffer, uncoupling the information from the way these are displayed. This allow

for a more dynamic content uploads and modifications

· Service: it organize the content, structuring the information along the web interface

According to [1], only 38,6% of Web Sites make use of a CMS infrastructure (that is, 61.4% are more than static

website).

The information are no more static, these are collected, elaborated and presented depending on user input. The

following actions are performed orderly:

· retrieving input (link follow, form fill)

· translating input as punctual queries to perform interrogation

· accessing data set (DB), extracting the data

· calculating information to show (query results)

· displaying information to user, usually, in a user-dependent way (HTML resources)

HTTP and HTML are used as interface, merely. The Web 2.0 requires intelligence, a proper set of instruction

to react to user input (named Web Application). Moreover,

Thus, there are 3 main components in CMS-ready Web Infrastructure:

1. Web Server (the interface)

2. Web Application (the logic)

3. DB (the data set)

CMS: Logical Schema

CMS Functionality: Building and Updating Web-Site dynamically, without:

· HTML programming

· Server-side Language (PHP, Java, .Net) Programming

· DB designing and deploying

Moreover, the CMS allows dealing with today issues (both technical and social):

1. Responsiveness: different display (PC, SmartPhone, TouchScreen, etc) and new technologies (wearable

technologies, Internet of Things)

2. Social-Ready: user interaction (blog, forum, wiki, etc)

3. Fulfillness: augmented content types (docs, photos, images, video, audio, presentation, messages, etc)

By the means of only one interface: HTTP (1.1), uncoupling interface, aspect and content. The picture

depicts the CMS addressing its tasks

However, CMS is another application on top of previous HTTP-ready environment. It introduces (for sure) new vulnerabilities and threats. CMS Security should be addressed.