Security Remains a Challenge for Browser Developers

Security is one of the biggest challenges facing the browser industry, a panel of browser industry luminaries told attendees at the Web 2.0 conference.

SAN FRANCISCO—Some of the leading names in the browser market took to the stage at the Web 2.0 conference here on April 16 to give an update on the state of that technology, and all agreed that security was one of the biggest challenges facing the industry.

The panelists, who were tasked with addressing the topic titled "The Arrival of Web 2.0: The State of the Union on Browser Technology," hailed from the open-source community all the way to the most proprietary of companies, Microsoft, and those in between.

Chris Wilson, the platform architect for Internet Explorer at Microsoft, said that the most secure system was the one not plugged into anything, including power.

/zimages/4/28571.gifClick here to read more about a new flaw uncovered in Internet Explorer 7 that opens users up to phishing attacks.

"But thats not particularly useful, so coming up with an enabling scenario that is also secure is the challenge," he said, noting that if users were presented with a large screed of text requesting approval for something, research had shown that "they will click OK to anything."

He also defended the frequent use of permission requests in Vista, Microsofts latest Windows operating system, when another panelist asked him why, then, users were faced with so many of these in the product, saying Vista was not the only product to do this.

Charles McCathieNevile, the chief standards officer at Opera, said that the security models on the Web were pretty immature.

But the primary participants in the industry were not interested "in another browser war. We are all committed to interoperability and we are listening to what our users want," he said.

Brendan Eich, the chief technology officer at Mozilla, said that security was hard and always will be. "I dont think we should take security lightly; its an end-to-end problem and we have to step outside the current model to win on this front," he said.

/zimages/4/28571.gifTo read more about why Internet Explorer lost further ground in 2006, click here.

For his part, Chris Wetherell, a software engineer at Google, said one of the scenarios that kept him awake at night was offline access to the browser and what that meant from a security perspective, particularly on the user-to-user front.

With regard to the current state of the browser market and the role of Web 2.0, Microsofts Wilson said that the Redmond, Wash., software giant had shipped, as part of the Internet Explorer platform in 1998 and 1999, a lot of the technologies now known as Web 2.0.

But he admitted that, as a platform, the browser still had a long way to go, not just as far as Internet Explorer was concerned, but with regard to all the current browser platforms. "They are all missing some of the client-side features, but have certainly become far more robust over time," he said.

/zimages/4/28571.gifClick here to read more about how Mozilla recently updated security for Firefox.

Asked what the real tipping point was for the development of Web 2.0 applications, Wilson said that came with the rise of social networking and mashups.

But Mozillas Eich disputed that the release of Internet Explorer had been the precursor to Web 2.0. "While IE had a lot of good stuff in it, it wasnt responsible for Web 2.0. Development tools have helped a lot in this regard," he said.

A lot of its current work was around writing Web applications that were more efficient and had better code efficiency, he said.

/zimages/4/28571.gifRead more here about how the W3C is creating a new HTML standard and enhancing the XHTML specification.

"We also want memory use to be more linear, but this kind of engineering takes time and we will get it right eventually. Being able to control the integrity of your data is an important part of this," he said.

With regard to what was responsible for the rise of Web 2.0, Eich said Web development tools like Ajax had contributed to this, while many developers were motivated to add features to existing Web applications, a trend that continues today.

For Operas McCathieNevile, the browser has matured, its authors have matured and there has been a shift to a more reliable platform.

"There had also been a huge explosion as to how many people now have a browser, and the market is growing again, what with mobile browsers becoming true browsers in terms of what they can do," he said.

/zimages/4/28571.gifWeb 2.0: How high-volume eBay manages its storage. Click here to read more.

But McCathieNevile said he had not suddenly seen a mass influx of developers around Web 2.0 applications. "Rather, there were a lot of small communities building cool things and learning from one another," he said.

Googles Wetherell said that while Google would continue to look to the browser as the primary delivery mechanism for its Web applications, the company was always looking at how best to bring its products and services to customers, wherever they were, be that on mobile phones and other form factors, he said.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest news, reviews and analysis about productivity and business solutions.