Understanding The Web Security Model, Part I: Web Publishing

Like many pieces of technology, the Web is one of those things that people are perfectly happy to use but have absolutely no idea how it works.[1] It’s natural to think of the Web as a publishing system, and at some level it is: the Web lets people publish documents for anyone to read. But what the Web really is is a distributed computing platform that lets Web sites run code on your computer.[2] Originally, of course, that code just rendered documents, but now it’s used for everything from documents (like the one you’re reading now) to text-based applications like Slack or even videoconferencing apps like Google Meet. Unsurprisingly, then, the Web has a unique security model, which is the topic of this series of (some unknown number of) posts.

I meant to start right in on security but then I realized I first needed to provide enough background of how the Web works to have the security stuff make sense. This post is the first half of that background material, covering the structure of Web sites and pages. There will be a second post that covers Web “applications”. This isn’t a textbook or a specification, so I don’t intend to provide a complete picture; the idea here is to cover the essential elements for understanding the security model.

Read in full here:

https://educatedguesswork.org/posts/web-security-model-intro1/

This thread was posted by one of our members via one of our news source trackers.