Conventional browsers are used to display information from and provide information to certain applications ("browser based applications"). The browser usually resides on a user's local system. The browser based application typically resides on a server remote from the user's local system ("remote server"). Thus, the browser typically accesses information from the browser based application by accessing the remote server via a public network such as the internet. Certain conventional servers are available for use on the local system on which the browser resides. Such conventional local servers serve the same functions as conventional remote servers. Thus, the conventional local server can typically be accessed not only by the browser on the local system, but also through the internet by browsers residing on other systems. By accessing different remote servers, a user is allowed to view content from and provide input to a variety of remote servers using the local browser.
Browser based applications are becoming increasingly popular for several reasons. Browser based applications are comparatively fast and easy to implement. Thus, such applications are attractive to developers. In addition, such applications use the browser for user interactions. As a result, browser based applications can provide a consistent look and feel to the user. In addition, browser based applications may be executed from any browser residing on a local system having a connection to the remote server on which the browser based application resides. Thus, the browser based applications appear to the user to be transportable.
Although browser based applications are popular, there are several limitations to the use of browser based applications. Because communication is typically between browsers and remote servers, restrictions are imposed to reduce security risks. Communication between a browser and a remote server is typically over a public network such as the internet. These public networks can be extremely hostile environments. Individuals may wish to gain access to confidential information residing on the local system or on the remote server. Other individuals may wish to change portions of the local system, the browser based application, or the remote server. Such changes may adversely affect the performance of the system changed. The potential for such attacks calls for the implementation of safeguards to protect the local system as well as the remote server.
One such safeguard imposed is the inability of a browser to access the local resources of the local system. As a result, a server on which the browser based application resides cannot access the local resources of the browser's local system. For example, a browser based application residing on a remote server cannot read information from the local system's disk drives. As a result, information on the local system cannot be read or modified by an external user. This aids in protecting the local system from external attack. However, it also limits the utility of browser based applications.
Conventional mechanisms exist for mitigating limitations imposed by browsers. For example, plug-ins and ActiveX controls may be available for certain browsers. Such plug-ins may allow a browser based application to access the local resources through the browser. Similarly, a conventional local server may allow access to local resources through the browser. However, mechanisms such as plug-ins are often specific to certain browsers and difficult to implement. Moreover, by allowing access to the local resources through the browser, such mechanisms typically leave the local system vulnerable to attack from users of the public network. Similarly, a conventional local server accepts connections from browsers not residing on the local system. Thus, the conventional local server also opens the local system for external attack.
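An added example (not part of the original text) of checking for the exposure described above: it parses constructed `ss -ltnH`-style lines, flags local servers whose listening address other systems can reach, and shows a per-connection loopback check. The sample addresses, ports and function names are assumptions.

```python
import ipaddress

# Constructed sample in the layout of `ss -ltnH` (listening TCP sockets, no header).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8631 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:8443 [::]:*
LISTEN 0 128 [::1]:8631 [::]:*
LISTEN 0 511 *:9090 *:*
LISTEN 0 128 192.0.2.10:8000 0.0.0.0:*
"""

def is_loopback(host):
    """True only if host is a literal loopback address (IPv4, IPv6 or IPv4-mapped)."""
    host = host.strip("[]").split("%", 1)[0]   # drop brackets and %interface scope
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False                            # "*", names, garbage: not provably local
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:                      # ::ffff:127.0.0.1 seen on dual-stack sockets
        addr = mapped
    return addr.is_loopback

def exposed_listeners(ss_output):
    """Return (address, port) for every listener reachable from other systems."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = fields[3].rsplit(":", 1)   # last colon separates the port
        if not is_loopback(host):
            exposed.append((host, int(port)))
    return exposed

def accept_peer(peer_ip):
    """Per-connection check for a local server: serve only browsers on this system."""
    return is_loopback(peer_ip)

if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS):
        print(f"reachable from other systems: {host}:{port}")
```

Wildcard binds (`0.0.0.0`, `[::]`, `*`) and routable addresses are flagged; anything that cannot be parsed as a loopback literal is treated as exposed rather than assumed safe.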
Another limitation to the use of browser based applications is due to the client-server architecture inherent in browser-server communication. Browsers are typically the client in the client-server interaction. The purpose of the browser in such an interaction is to display information provided by and supply information to the remote server. The remote server contains the browser based application and data. Typically, the remote server is configured to accept a connection from any browser. However, the browser based application and the data may be sensitive. Thus, the remote server may restrict access to the browser based application, allowing only authorized users to use the application.
Typically, a remote server determines whether a user is authorized by requiring the user to enter a password, by restricting access to specific pre-configured systems, or both. Passwords are typically considered to be not very secure because passwords can be guessed or obtained. Restricting access to an authorized system also circumvents one of the benefits of browser based applications: the ability of the application to be accessed from virtually any system that is equipped with a browser and that has access to the network connected to the remote server on which the application resides. Furthermore, there are methods for fooling the remote server into believing that it is communicating with an authorized system when it is not. Consequently, such security precautions are of somewhat limited utility.
The free extensibility of remote servers and conventional local servers also limits the utility of browser based applications. In addition to their vulnerability to theft, the browser based application and data residing on the remote server may be vulnerable to being augmented or destroyed. This danger stems from the nature of conventional servers. Conventional remote servers and conventional local servers are relatively freely extensible so that they are able to provide certain types of content. Conventional remote and local servers provide browsers with two classes of content. First, conventional remote and local servers provide the browsers with static information typically consisting of hypertext markup language ("HTML") documents and digital images. Second, conventional remote and local servers can provide dynamic content, including HTML documents and images. Dynamic content is generated on the fly by applications. The conventional remote or local server executes these applications on the browser's behalf. Both the static content and the applications are stored on the remote or local server's disk drive and are, therefore, easily changed. Thus, conventional remote servers and conventional local servers allow a user to relatively freely add functions or data, or to modify existing functions or data. As a result, the conventional remote server and conventional local server are subject to external attack.
Accordingly, what is needed is a system and method which allow a browser based application to provide its intended function without suffering from some of the above drawbacks associated with using browser based applications. In particular, it would be beneficial if the method and system allow access to local resources or communication with remote systems or servers while maintaining the security of the local system or the remote system, or provide functions that appear to the user through the browser interface without accessing the external systems. The present invention addresses such a need.