Server Side Scripting Language

There are different kinds of programming languages that help in different ways. Some of them help in working with the database, some help in designing the layout of the web application, and some help to process the data taken from the user. However, some of them process the data in the browser itself and give output at the same time, whereas others give output after processing on the server and then display it in the browser or the application.



2.2 Client Side Scripting Language

Upwork (WODEHOUSE, 2017) states that a Client Side Scripting Language is the programming language which controls and displays the response from the servers to the client. Such languages are used to interact with components like text boxes, labels, check boxes and buttons, and also to modify the CSS and HTML elements. Here are some of the client side scripting languages:
· HTML
· XHTML
· CSS
· JavaScript

2.2.1 Advantages of Client Side Scripting Language

There are various advantages of Client side scripting languages which are as follows:
· Allow for more interactivity by immediately responding to users’ actions.
· Execute quickly because they do not require a trip to the server.
· May improve the usability of Web sites for users whose browsers support scripts.
· Can give developers more control over the look and behavior of their Web widgets.
· Can be substituted with alternatives (for example, HTML) if users’ browsers do not support scripts.
· Are reusable and obtainable from many free resources.

2.2.2 Disadvantages of Client Side Scripting Language

Client side scripting languages do not only have advantages; they also have some disadvantages, which are as follows:
· Not all browsers support scripts; therefore, users might experience errors if no alternatives have been provided.
· Different browsers and browser versions support scripts differently, thus more quality assurance testing is required.
· More development time and effort might be required (if the scripts are not already available through other resources).
· Developers have more control over the look and behavior of their Web widgets; however, usability problems can arise if a Web widget looks like a standard control but behaves differently or vice-versa.

2.3 Server Side Scripting Language

In Server side scripting, all the code is first checked on the server and then passed to the user’s browser. Thus, no PHP code or script is visible to the user. Users are only able to view information in their web browser. Some Server side scripting languages are as follows:
· PHP
· Python
· ASP.NET in C#, C++, or Visual Basic

2.3.1 Advantages of Server Side Scripting Language

There are various advantages of Server side scripting languages which are as follows:
· It reduces the load on the user’s computer as it does not require plugins or browser scripting technology.
· We can use it to dynamically create pages on the fly. New pages can even be instantly created based on certain user interaction.
· The user can create one template for the entire website.
· The site can use a content management system, which makes editing simpler.
· Generally quicker to load than client-side scripting.
· The user is able to include external files to save coding.
· Scripts are hidden from view so it is more secure. Users only see the HTML output.
· The user does not need to download plugins like Java or Flash.

2.3.2 Disadvantages of Server Side Scripting Language

Server side scripting languages do not only have advantages; they also have some disadvantages, which are as follows:
· Many scripts and content management system tools require databases in order to store dynamic data.
· It requires the scripting software to be installed on the server.
· The nature of dynamic scripts creates new security concerns, in some cases making it easier for hackers to gain access to servers by exploiting code flaws.

2.4 Comparison of Client side and server side scripting language

| Client-side scripting language | Server-side scripting language |
| --- | --- |
| Used when the user’s browser already has all the code. | Used to create dynamic pages |
| The web browser executes the client side scripting | The web browser executes the server side scripting |
| Cannot be used to connect to the databases on the web server | Used to connect to the databases that reside on the web server |
| Can’t access the file system that resides at the web server | Can access the file system residing at the web server |
| Response from a client side script is faster as compared to a server side script | Response from a server side script is slower as compared to a client side script |

2.5 Difference between PHP and JSP

| | PHP | JavaScript |
| --- | --- | --- |
| Server side interaction mechanism | PHP runs on the server and the major functionality of PHP is to produce the HTML code which will be read by the browser. | JavaScript can handle only local tasks that are specific. |
| Data processing | In PHP, code will be available only after the server interprets it. | In JavaScript, the code can be viewed even after the output is interpreted. |
| Ease of usage | PHP is embedded only with HTML and PHP cannot be combined with XML. | JavaScript can be combined with HTML, XML and AJAX. |
| Session and cookies | PHP is used to produce web pages on the go, ready and deploy databases, import the files available on the server and gain files of data from further domains. | JavaScript can import files of information available by mentioning the URL of the file in the address bar of the browser. |
| Processing time | PHP doesn’t execute within a browser’s window. | JavaScript executes within a browser’s window. |
| Database connectivity | PHP commonly uses MySQL as a database. | MySQL is not commonly used by JavaScript. |
| Security requirement | Most web developers learn PHP at the beginning as it is easier. So the number of PHP developers is higher, due to which there are more security threats. | It is very tough for newcomers and only hardworking developers know more about it. Since fewer users have knowledge about it, there is a low risk of security threats. |

2.6 Web security concerns 

Beyondsecurity (Anon., 2017) states that a website is the most popular means of establishing the presence of a brand, product and service on the vast network of the internet. Since there are more websites these days, hackers target the less secure websites and gain access to the data. So, websites are very risky in terms of security.
When we upload any web content to the internet, that is an open window between the network we have and the outer world. We need to make that window secure. There are different activities like server maintenance, web content updating, updating code and applications, etc. that we do to maintain the service, which ultimately define the size of the window we have open to the world.
Thus, security concerns must be kept in mind while developing a website. Some of the concerns to be considered while developing a website are as follows:

2.6.1 Session Hijacking

Checkmark (Anon., 2017) states that when we browse the internet our history gets stored and we can see the logs of the sites we have visited. In the same manner, there is a session covering the activities we have performed on the internet. The term session hijacking means taking over the session of a user by stealthily obtaining the session ID and using it as the authorized user.
This is the act of taking control of a user session after successfully obtaining an authenticated session ID. It involves an attack using a captured session ID to grab control of a legitimate user’s web application session while that application session is still in progress. Session hijacking takes place at transport layer of network layer of OSI.
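
The server-side handling that limits what a captured session ID is worth, as an added example that is not part of the original article. The `SessionStore` class, the cookie name `sid` and the 15-minute timeout are hypothetical choices made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 900  # seconds of inactivity allowed (assumed policy)

class SessionStore:
    """Hypothetical in-memory session table kept on the server."""

    def __init__(self):
        self._sessions = {}  # session ID -> {"user": ..., "expires": ...}

    def create(self, user=None, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "expires": now + SESSION_TTL}
        return sid

    def lookup(self, sid, now=None):
        """Return the logged-in user, or None if the ID is unknown,
        expired, or belongs to a session that never logged in."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None or entry["expires"] <= now:
            self._sessions.pop(sid, None)  # drop stale entries
            return None
        entry["expires"] = now + SESSION_TTL  # sliding expiry
        return entry["user"]

    def login(self, old_sid, user, now=None):
        # Rotate the ID at login so an ID seen before authentication
        # never becomes an authenticated one.
        self._sessions.pop(old_sid, None)
        return self.create(user, now)

    def logout(self, sid):
        self._sessions.pop(sid, None)

def session_cookie(sid):
    """Set-Cookie value that keeps the ID off plain HTTP and out of scripts."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True      # sent over HTTPS only
    cookie["sid"]["httponly"] = True    # not readable from JavaScript
    cookie["sid"]["samesite"] = "Lax"   # not attached to cross-site POSTs
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()
```

The `Secure` flag only helps when the site is served over HTTPS, which is why the HTTPS recommendation in section 2.7 matters for session cookies in particular.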

2.6.2 SQL Injection

Netsparker (Anon., 2017) states that a SQL query is one way an application talks to the database. We can manipulate the data in the database by using SQL queries. In the same manner, a hacker uses SQL injection to manipulate our data. SQL injection occurs when an application fails to sanitize untrusted data in a database query.

Most SQL injections are done through input forms, such as the text fields in comments, contacts, etc. An attacker can use specially crafted SQL commands to trick the application into asking the database to execute unexpected commands. Attackers provide specially crafted input to trick an application into modifying the SQL queries that the application asks the database to execute.

2.7 Recommendation for Security Improvements

Establishing a presence on the vast network of the internet is not an easy task. We have to make our content and applications more secure and available to compete in internet technology. Once we get hacked, we lose trust and have to struggle for a long period. Here are some recommendations to implement for a higher degree of security.
i. Keep the software that you are using, whether the operating system or the other software for hosting your files, updated.
ii. SQL injection attacks are used by attackers in web forms or URL parameters to gain access to and manipulate the database. So, it is required to use parameterized queries.
iii. Cross site scripting attacks inject malicious JavaScript into your pages, which then runs in the browser and can modify the contents or steal data to send the information to the hacker.
iv. It is essential to control error messages because they give a lot of information to the hacker. So, provide only minimal errors to your users, to ensure they don’t leak secrets present on the servers we are using, and keep logs of the errors.
v. Form validation is crucial as attackers may insert malicious code into the database. So, we can validate the inputs in the browser as well as on the server side.
vi. Users should use very complex passwords of alphanumeric characters, and the passwords should be saved only after applying an encryption method.
vii. File uploads should be limited to a certain size and to certain extension types, as a file can contain malicious scripts.
viii. HTTPS is the most secure protocol, which we use on most payment and login pages. So, it is highly recommended to use HTTPS on the website.
ix. Finally, after implementing the recommended security options, it is important to test the website using tools like Netsparker, OpenVAS, SecurityHeaders.io, etc. for penetration testing to ensure the security of the website.

2.8 Conclusion

A client side scripting language is the programming language which controls and displays the response from the servers to the client. Such languages allow more interactivity and execute more quickly. They are reusable and obtainable from many free resources. But these scripts are not supported by all browsers, and they also require more time and effort to manage.
In server side scripting, all the code is first checked on the server and then passed to the user’s browser. Thus, no PHP code or script is visible to the user. Users are only able to view information in their web browser. The user can create one template for the entire website, and such pages are quicker to load than with client side scripting languages. Since the scripts are hidden from view, it is more secure and users have access to the HTML only. They make the site’s content more manageable and make editing simpler. So, we can say that server side scripting is preferred over client side scripting.
