FML, a simple approach to web security

Posted on 08-Jul-2015


Transcript of FML, a simple approach to web security

FML: a simple language for building web forms

Valentina De Rosa, Bachelor's degree programme in Computer Science

Academic year 2010/2011

The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead–lined room with armed guards.

— E. Spafford

“WEB & APP: Welcome, please enjoy our user’s data!”

SOME STATISTICS (sources: WhiteHat Website Security Statistics Report, OWASP Top Ten Project)

Vulnerable sites: 84%

Sites with at least one vulnerability among the 3 most dangerous: 64%

Average number of critical vulnerabilities (per site): 230

Existing solutions

[Chart: existing solutions placed along an axis, from - to +, labelled "Programming skill"]

<email>
  <configuration>
    <from>restaurant@pizzarealm.com</from>
    <to>$email</to>
    <subject>Reservation made by $surname</subject>
    <text>Mr./Ms. $surname reserved a table for $people people in date $date and time $time. Notes: $notes.</text>
    <success>Thank you for reserving a table on $date. We'll send you a confirmation email soon.</success>
  </configuration>
  <form>
    <name id="surname">
      <label>Surname</label>
      <optional>false</optional>
    </name>
    <email id="email">
      <label>Email</label>
      <optional>false</optional>
    </email>
    <date id="date">
      <label>Reservation date</label>
      <optional>false</optional>
    </date>
    <time id="time">
      <label>Reservation time</label>
      <interval step="15">12:00-15:00</interval>
      <interval step="15">20:00-23:00</interval>
      <optional>false</optional>
    </time>
    <singleChoice id="people">
      <label>How many people?</label>
      <optional>false</optional>
      <choiceRange>1-10</choiceRange>
    </singleChoice>
    <textarea id="notes">
      <label>Notes</label>
      <optional>true</optional>
    </textarea>
  </form>
</email>

FML

• describes an interaction
• HTML-like language
• semantic structure


What FML is not

FML in detail

[Overview: steps 1, 2, 3]

<!-- email_form.fml -->
<email>
  <configuration>
    <to>...</to>
    <subject>...</subject>
    ...
  </configuration>
  <form>
    <telephone>
      <label>...</label>
    </telephone>
    <singleChoice>
      <choice>...</choice>
      <choice>...</choice>
    </singleChoice>
    ...
  </form>
</email>
<!-- end -->


1. HTTP: page request

PROCESS: Page request

[Pipeline diagram for the page request. Components shown: FML file, Parser, FMTree, Translator, Evaluator, Mail, Database, Configuration, XHTML, Javascript, WWW]

2. HTTP + DATA: data submission

PROCESS: Data submission

[Pipeline diagram for the data submission. Components shown: FML file, Parser, FMTree, Translator, Evaluator, Mail, Database, Configuration, XHTML, Javascript, WWW]
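An added example (this is not code from the thesis or from the FML implementation): a Python sketch of the parser, evaluator and mail stages for the reservation form shown earlier, following the data-submission step above. The element names and the $placeholders are taken from the slides; the function names, the error strings, the date format (YYYY-MM-DD) and the checks enforced (the 15-minute step on the time intervals, the 1-10 choice range, rejection of CR/LF in the address that is substituted into the <to> header) are this example's own assumptions about what a server-side evaluator should do, not documented FML behaviour.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime
from string import Template

# Constructed input: the reservation form from the slides (email_form.fml),
# without the <success> element, which this sketch does not use.
FML_SOURCE = """<email>
  <configuration>
    <from>restaurant@pizzarealm.com</from>
    <to>$email</to>
    <subject>Reservation made by $surname</subject>
    <text>Mr./Ms. $surname reserved a table for $people people in date $date and time $time. Notes: $notes.</text>
  </configuration>
  <form>
    <name id="surname"><label>Surname</label><optional>false</optional></name>
    <email id="email"><label>Email</label><optional>false</optional></email>
    <date id="date"><label>Reservation date</label><optional>false</optional></date>
    <time id="time"><label>Reservation time</label><optional>false</optional>
      <interval step="15">12:00-15:00</interval><interval step="15">20:00-23:00</interval></time>
    <singleChoice id="people"><label>How many people?</label><optional>false</optional>
      <choiceRange>1-10</choiceRange></singleChoice>
    <textarea id="notes"><label>Notes</label><optional>true</optional></textarea>
  </form>
</email>"""

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def parse_fml(source):
    """Parser: the .fml file (written by the site owner, not user input) to a
    configuration dict plus a list of field specs (the FMTree)."""
    root = ET.fromstring(source)
    config = {c.tag: (c.text or "") for c in root.find("configuration")}
    fields = []
    for el in root.find("form"):
        spec = {"type": el.tag, "id": el.get("id"),
                "optional": (el.findtext("optional") or "false") == "true"}
        if el.tag == "time":
            spec["intervals"] = [(iv.text, int(iv.get("step", "1"))) for iv in el.findall("interval")]
        if el.tag == "singleChoice":
            lo, hi = (el.findtext("choiceRange") or "1-1").split("-")
            spec["choices"] = [str(n) for n in range(int(lo), int(hi) + 1)]
        fields.append(spec)
    return config, fields

def _minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)

def check_field(spec, value):
    """Return an error string for one submitted value, or None if it is valid."""
    value = (value or "").strip()
    if not value:
        return None if spec["optional"] else "required"
    kind = spec["type"]
    if kind == "email":
        # $email feeds the <to> header: reject CR/LF (header injection) and
        # anything that is not a single plausible address.
        if "\r" in value or "\n" in value or not EMAIL_RE.match(value):
            return "invalid email"
    elif kind == "date":
        try:
            datetime.strptime(value, "%Y-%m-%d")  # assumed wire format
        except ValueError:
            return "invalid date"
    elif kind == "time":
        try:
            mins = _minutes(value)
        except ValueError:
            return "invalid time"
        ok = False
        for rng, step in spec["intervals"]:
            lo, hi = (_minutes(x) for x in rng.split("-"))
            ok = ok or (lo <= mins <= hi and (mins - lo) % step == 0)
        if not ok:
            return "time outside allowed intervals"
    elif kind == "singleChoice" and value not in spec["choices"]:
        return "not an allowed choice"
    return None  # name and textarea are free text: accepted here, escaped on output

def evaluate(fields, submission):
    """Evaluator: validate every declared field (unknown keys are ignored).
    Returns {field_id: error}, empty when the submission is acceptable."""
    return {f["id"]: err for f in fields
            if (err := check_field(f, submission.get(f["id"]))) is not None}

def build_message(config, fields, submission):
    """Mail step: fill the $placeholders of the configuration. Template.substitute
    replaces only $name tokens, so user text is never re-read as a template."""
    values = {f["id"]: (submission.get(f["id"]) or "").strip() for f in fields}
    # Header lines (To, Subject) must never contain CR/LF.
    headers = {k: v.replace("\r", " ").replace("\n", " ") for k, v in values.items()}
    return {"to": Template(config["to"]).substitute(headers),
            "subject": Template(config["subject"]).substitute(headers),
            "text": Template(config["text"]).substitute(values)}
```

The point the slides make is that the form author never writes validation code: every constraint declared in the .fml file is enforced again on the server in evaluate, whatever the generated JavaScript did in the browser. The translator (XHTML/JavaScript generation for the page-request step) is left out of this sketch, and the .fml file is parsed with the standard library because it is the site owner's file, not user input.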

In conclusion

Each time we create a fool-proof system, the universe creates a better fool.

To infinity...

Thank you