Secure Web 2.0 (& Drupal) Part 1

Tue, 05/26/2015 - 13:35 -- pottol
CMS Logical Schema

The term "Web 2.0" refers to evolved web techniques that provide a better interaction between user and site.

This is usually achieved by means of a CMS (Content Management System), which allows websites to be built on a content/comments paradigm.


Web 2.0 Architecture

The CMS is an infrastructural layer, offering the following advantages:

· Interface: the user chooses the information (text, images, videos) to display by interacting with the website through specific actions (e.g. click, string insertion).

· Protocol: it acts like a buffer, decoupling the information from the way it is displayed. This allows for more dynamic content uploads and modifications.

· Service: it organizes the content, structuring the information along the web interface.

According to [1], only 38.6% of web sites make use of a CMS infrastructure (that is, 61.4% are more than static

Information is no longer static: it is collected, processed and presented depending on user input. The following actions are performed in order:

· retrieving input (link follow, form fill)

· translating the input into specific queries that interrogate the data set

· accessing the data set (DB) and extracting the data

· computing the information to show (query results)

· displaying the information to the user, usually in a user-dependent way (HTML resources)

HTTP and HTML serve merely as the interface. Web 2.0 requires intelligence: a proper set of instructions that reacts to user input (the Web Application). Moreover,

Thus, there are 3 main components in a CMS-ready web infrastructure:

1. Web Server (the interface)

2. Web Application (the logic)

3. DB (the data set)
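The five processing steps and the three components above, as an added example that is not part of the original post: a minimal three-tier request pipeline (web server interface, application logic, DB) written in Python with an in-memory SQLite data set. The function names (build_db, handle_request), the sample articles and comments are all constructed for this illustration; the point is where the defensive controls sit at each step (type validation of the input, parameter binding at the query step, HTML escaping at the display step).

```python
# Added example, not code from the original post: a toy CMS request pipeline.
# Names and sample data are hypothetical/constructed.
import html
import sqlite3
from urllib.parse import parse_qs


def build_db() -> sqlite3.Connection:
    """Data set tier: constructed sample articles with user-submitted comments."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("CREATE TABLE comment (article_id INTEGER, author TEXT, text TEXT)")
    db.executemany("INSERT INTO article VALUES (?, ?, ?)",
                   [(1, "Hello", "First post"), (2, "Drupal", "CMS notes")])
    db.executemany("INSERT INTO comment VALUES (?, ?, ?)",
                   [(1, "alice", "nice"), (1, "bob", "<b>bold</b> claim")])
    return db


def handle_request(db: sqlite3.Connection, query_string: str) -> tuple[int, str]:
    """Application tier: walks the five steps and returns (HTTP status, HTML body)."""
    # 1. retrieve input (the query string of a followed link or submitted form)
    params = parse_qs(query_string)
    raw_id = params.get("id", [""])[0]
    # 2. translate input into a specific query: validate the expected type first,
    #    then bind it as a parameter so the DB never interprets user text as SQL
    if not raw_id.isdigit():
        return 400, "<p>bad request</p>"
    article_id = int(raw_id)
    # 3. access the data set
    row = db.execute("SELECT title, body FROM article WHERE id = ?",
                     (article_id,)).fetchone()
    if row is None:
        return 404, "<p>not found</p>"
    comments = db.execute("SELECT author, text FROM comment WHERE article_id = ?",
                          (article_id,)).fetchall()
    # 4. compute the information to show (query results -> view model)
    title, body = row
    # 5. display as HTML, escaping every DB-sourced string: comment text is
    #    itself user input that was stored earlier, so it is untrusted too
    parts = [f"<h1>{html.escape(title)}</h1><p>{html.escape(body)}</p>"]
    for author, text in comments:
        parts.append(f"<p><b>{html.escape(author)}</b>: {html.escape(text)}</p>")
    return 200, "".join(parts)


if __name__ == "__main__":
    print(handle_request(build_db(), "id=1"))
```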


CMS: Logical Schema

CMS functionality: building and updating a web site dynamically, without:

· HTML programming

· server-side language (PHP, Java, .Net) programming

· DB design and deployment

Moreover, the CMS allows dealing with today's issues (both technical and social):

1. Responsiveness: different displays (PC, smartphone, touchscreen, etc.) and new technologies (wearable technologies, Internet of Things)

2. Social-ready: user interaction (blog, forum, wiki, etc.)

3. Content richness: extended content types (docs, photos, images, video, audio, presentations, messages, etc.)

All of this through only one interface, HTTP (1.1), decoupling interface, presentation and content. The picture depicts the CMS addressing these tasks.

However, the CMS is one more application on top of the pre-existing HTTP-ready environment. It certainly introduces new vulnerabilities and threats, so CMS security must be addressed.



How to secure the Web 2.0 environment, given that it needs a CMS application to run