Attacking Web 2.0 Applications with Firefox

Introduction

AJAX and highly interactive Web services form the backbone of Web 2.0 applications. However, this shift in technology brings new challenges for security professionals.

This article examines several methods, tools and tricks for analyzing Web 2.0 applications (including AJAX) and discovering security vulnerabilities using Firefox and its accompanying plug-ins. The main topics of this article are:

- Web 2.0 application architecture and the security issues related to it.
- Discovery challenges such as finding hidden calls, crawling issues and exploring the logic of AJAX code.
- Detecting XHR calls with the Firebug tool.
- Simulating the browser automatically with Chickenfoot.
- Debugging applications from a security perspective using the Firebug debugger.
- A method for discovering vulnerabilities.

Web 2.0 application overview

The new term "Web 2.0" has been coined for the next generation of Web applications, which build on recent technical advances. XML-driven Web services running over SOAP, XML-RPC and REST are being offered to server-side components. These new applications have a much richer user interface thanks to AJAX and Rich Internet Application components.

This technological change is based on an overall architecture for Web applications and on the communication between server and client. Along with it come security issues and new security challenges.

New worms such as Yamanner, Samy and Spaceflash exploit (client-side) AJAX frameworks, providing new ways of attacking and stealing confidential information.

Figure 1: Web 2.0 architecture

In Figure 1, the browser-side process on the left can be divided into the following layers:

- Presentation layer - HTML/CSS provides the look and feel of the application in the browser window.
- Logic & Process - JavaScript running in the browser executes the application's business and communication logic. The AJAX components reside in this layer.
- Transport - XMLHttpRequest (XHR) - this object provides asynchronous communication and exchanges XML over HTTP(S) between the client and the server.

The server-side components on the right of Figure 1 are a group of components behind the firewall, including Web services deployed alongside traditional Web application code. AJAX code running in the browser can call XML-based Web services directly and exchange information without refreshing the entire page. This whole communication is hidden from the user; in other words, the user does not experience any redirect. Redirects and refreshes were an integral part of first-generation Web applications. In Web 2.0 they are reduced through the use of AJAX.

Evaluating the challenges of Web 2.0

In an asynchronous framework, the application does not have many "refreshes" and "redirects". As a result, many server-side resources that an attacker could invoke remain hidden from view. Below are three important challenges that this new technology poses for security practitioners:

1. Discovering hidden calls: it is essential to be able to identify the hidden calls made by the page loaded in the browser, because this technology uses JavaScript over HTTP(S) to make calls to the backend server.

2. Crawling challenges: traditional crawling applications fail on two main fronts: one is to replicate the browser's behavior and the other is to identify the server-side resources involved in the whole process. If a resource is accessed by an XHR object through JavaScript, crawling the application will most likely miss it.

3. Exploring the logic: today's Web applications are loaded with JavaScript, and it is very hard to isolate the logic for a specific event. Each HTML page may load three or four JavaScript resources from the server. Each of those files may have many functions, while the event in use may be only a small part of all those files.

We need to study carefully and identify methods and tools to keep up in the race of Web application assessment. For the purposes of this article we will use Firefox as the browser and try out some of its plug-ins to see how they cope with the challenges above.

Discovering hidden calls

A Web 2.0 application may load a single page from the server but make several XHR object calls while building the final page. These calls may pull content or JavaScript from the server asynchronously. In such a scenario, the challenge is to identify all the XHR calls and the resources pulled from the server. This information can help identify all the possible resources and the vulnerabilities related to them. Let us take a simple example.

Our goal is to get business news by retrieving a simple news page located at http://example.com/news.aspx

This page in the browser looks like Figure 2 below.

Figure 2: a simple example page

With a Web 2.0 application, AJAX calls are sent to the server using the XHR object. We can identify these calls using a tool known as Firebug. Firebug is a plug-in for the Firefox browser and is able to identify XHR calls.

Before browsing a page with the plug-in, the option to intercept XHR calls must be selected, as shown in Figure 3.

Figure 3: Setting Firebug to intercept XMLHttpRequest calls

With the Firebug option to intercept XMLHttpRequest calls enabled, we browse the same page to find all the XHR object calls made by this particular page to the server. The result is shown in Figure 4.

Figure 4: XMLHttpRequest

We can see several requests made by the browser using XHR. It loaded the dojo AJAX framework from the server while simultaneously calling a server resource to fetch the latest news content:

http://example.com/getnews.aspx?date=09262006

If we look at the code, we see the following JavaScript function.

function getNews()
{
     var http;
     http = new XMLHttpRequest();
     // Asynchronous GET for the news resource (no page refresh)
     http.open("GET", "getnews.aspx?date=09262006", true);
     http.onreadystatechange = function()
     {
          // readyState 4: the response has arrived
          if (http.readyState == 4) {
               var response = http.responseText;
               // The server's response replaces the contents of the 'result' element
               document.getElementById('result').innerHTML = response;
          }
     }
     http.send(null);
}

The preceding code makes an asynchronous call to the backend Web server and requests the resource getnews.aspx?date=09262006. The content of that page is placed at the element with id 'result' in the HTML page. Clearly, this AJAX call uses the XHR object.

By analyzing the application in this way, we can identify vulnerabilities in the resources as well as in POST requests. For example, reusing the case above, the "date" parameter is the point vulnerable to SQL injection.

Crawling challenges and browser simulation

An important reconnaissance tool when performing Web application assessments is the Web crawler. The crawler crawls the pages and collects all the links (HREF). But what happens if an HREF points to a JavaScript function that makes AJAX calls using the XHR object? Then the crawler may miss that information entirely.

In many cases it becomes very difficult to simulate this environment. For example, here is a simple set of links:

go1
go2
go3

When clicked, the link "go1" executes the getMe() function. The code for getMe() is shown below. Note that this function may live in a completely separate file.

function getMe()
{
     var http;
     http = new XMLHttpRequest();
     // Asynchronous GET for hi.html, triggered only by the onClick event
     http.open("GET", "hi.html", true);
     http.onreadystatechange = function()
     {
          if (http.readyState == 4) {
               var response = http.responseText;
               document.getElementById('result').innerHTML = response;
          }
     }
     http.send(null);
}

The preceding code makes a simple AJAX call to the hi.html resource on the server. Can this click be simulated automatically? The answer is yes. Here is a method using the Firefox plug-in Chickenfoot, which provides a JavaScript-based API and a programmable interface extension for the browser.

Using the Chickenfoot plug-in, you can write simple JavaScript for the browser. With this approach, simple tasks such as traversing Web pages can be fully automated. For example, the simple script below will "click" every anchor that has an onClick event. The advantage of this plug-in over traditional Web crawlers is clear: every onClick event produces the XHR-based backend calls that crawlers miss, because crawlers try to parse the JavaScript and pick out viable links but cannot reproduce real onClick events.
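As an added example (not code from the article, and not Chickenfoot's API), the following Node.js script does statically what the hidden-calls section and the crawler discussion above describe dynamically: it lists the HREF targets a classic crawler would collect, then resolves each onClick handler to the URL its function hands to XMLHttpRequest.open(). The HTML and JavaScript inputs are constructed to mirror the article's getNews()/getMe() functions.

```javascript
// Added example, not code from the article: statically enumerate the server resources a
// page reaches, including XHR endpoints hidden behind onClick handlers that an HREF-only
// crawler never follows. Both inputs are constructed to mirror the article's getNews()/getMe().
const SAMPLE_HTML = `
<a href="/news.aspx">news</a>
<a href="#" onClick="getMe()">go1</a>
<a href="#" onClick="getNews()">go2</a>
<a href="/about.html">go3</a>`;
const SAMPLE_JS = `
function getNews() {
  var http = new XMLHttpRequest();
  http.open("GET", " getnews.aspx?date=09262006", true);
  http.onreadystatechange = function() { if (http.readyState == 4) { render(http.responseText); } };
  http.send(null);
}
function getMe() {
  var http = new XMLHttpRequest();
  http.open("GET", "hi.html", true);
  http.send(null);
}`;

// What a classic crawler sees: HREF targets, ignoring "#" placeholders.
function collectHrefs(html) {
  return [...html.matchAll(/<a\s[^>]*href\s*=\s*["']([^"'#][^"']*)["']/gi)].map(m => m[1]);
}
// Function names invoked from onClick attributes, e.g. onClick="getMe()".
function collectOnClickFunctions(html) {
  return [...new Set([...html.matchAll(/onclick\s*=\s*["']\s*([\w$]+)\s*\(/gi)].map(m => m[1]))];
}
// Map each named function to the "METHOD url" pairs it hands to XMLHttpRequest.open();
// the function body is delimited by brace matching, so nested callbacks stay inside it.
function collectXhrEndpoints(js) {
  const endpoints = {};
  for (const m of js.matchAll(/function\s+([\w$]+)\s*\([^)]*\)\s*\{/g)) {
    const start = m.index + m[0].length;
    let depth = 1, i = start;
    for (; i < js.length && depth > 0; i++) depth += js[i] === "{" ? 1 : js[i] === "}" ? -1 : 0;
    const body = js.slice(start, i);
    endpoints[m[1]] = [...body.matchAll(/\.open\s*\(\s*["'](\w+)["']\s*,\s*["']\s*([^"']+?)\s*["']/g)]
      .map(o => `${o[1]} ${o[2]}`);
  }
  return endpoints;
}
// Combine: what the crawler finds, plus the XHR calls reachable only through onClick.
function discoverHiddenCalls(html, js) {
  const xhr = collectXhrEndpoints(js);
  return { hrefs: collectHrefs(html),
           hidden: collectOnClickFunctions(html).flatMap(fn => xhr[fn] || []) };
}
```

Running discoverHiddenCalls(SAMPLE_HTML, SAMPLE_JS) shows that only /news.aspx and /about.html are visible to an HREF crawler, while hi.html and getnews.aspx?date=09262006 are reachable solely through the onClick handlers.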

l=find('link')
for(i=0;i

Article source: http://w4rum.com/33.t

[By Phan Vien] [10/Oct/06]