Fix Government website applications by broadcasting websites without passing code?

Discussion in 'Computers & Tech' started by wgabrie, Dec 1, 2021.

  1. wgabrie

    So, I was wondering. You know how bad government website applications are regarding a lack of security in the source code?

    I've been thinking about how government website applications should only be viewed and not accessible via source code or inspection (looking at a live representation of the website in the browser).

    Well, I'm also studying at University and, after seeing a demonstration of being able to log into a virtual PC inside of my browser, and using it, I realize that it's possible to broadcast a video signal across the internet from a remote cloud computer.

    Then, I remembered the early internet from years ago and how many websites were done in Flash player, to do cool tricks, and it made many people decry it over bloated websites and a lack of accessibility and easy codeability. So standards-based code won out.

    But, back to my government topic, why shouldn't they broadcast the presentation of a government web application to the browser and stop using sensitive info in in-line source code transmitted to the user? And browser-side memory space?

    Maybe we got rid of Flash player too soon?

    So, why don't we fix the web and include a way to broadcast websites without passing readable code which was poorly written without thought of security, by poorly skilled government programmers? In other words, protect government web applications?
     
  2. HonestJoe

    I'm not convinced you understand quite enough about this field. While your proposal is technically possible (and kind of happens in some cases), if you're just sending a fixed page with literally no code on the client side, it isn't really a web application any more. If all you're doing is providing fixed information, such as some kind of report or documentation, that might work but if you want any kind of user interaction or response, you need some level of code within the page presented to them.

    Security and safety are a massive element of software design, especially for web-based software. There is a whole range of design patterns and software that can be (and is) used to manage that. There is also a vast range of websites which don't use those things correctly or at all, and there will be countless examples of security holes and issues. The world is far from perfect.

    I'm slightly confused by your focus on government websites. While they can certainly have the same issues, I don't think they are necessarily significantly worse (or better) than non-governmental sites.
     
  3. wgabrie

  4. HonestJoe

    OK, so that is apparently an example of extremely poor development practice in one example of one government website. That kind of issue is far from unique to government websites though, and they may well face more public criticism than private organisations with the same kinds of flaws. I'm in the UK but I've worked on both public sector and private sector software development and in my personal experience, the issues that lead to this kind of failure exist pretty much in exactly the same way regardless. I mean, these days most software used by government will be created by private contractors anyway.

    Another thing that article demonstrates is the ignorance a lot of otherwise educated and professional laymen can have about software and how easily the real issues (or non-issues in other cases) can be entirely misrepresented on the back of that ignorance.
     
