HTML Client Suggestions
=======================
Use Medusa (http://www.nightmare.com/medusa/),
an asynchronous Python-based persistent network server.
Since it is persistent, do the following:
Each "session" is assigned a session key (that can time out).
This session key will be stored as a "key" in a persistent hash.
The "value" portion of the session hash will be the last page hash.
Every time a new page is generated, a new "Page Hash" will be created
and stored (as mentioned above) in the session:page hash.
Whenever a post request comes through, the server will verify:
1. The session is still active
2. The passed page key matches the last stored page key
If (1) fails, then display a time-out message. If (2) fails,
issue a warning message and redraw the last known state, ignoring
any posted values.
A GFInstance is stored in a separate SessionKey:Instance hash.
Problems to Consider
====================
First, the following assumptions are made:
1) The web interface could be used for any transactional web-based data front-end.
Examples (although extreme and probably not likely): online banking; online
credit line statements
Replay protection: A transaction can only be made once. Do not allow clicking the "back"
button, or copying the source and slightly modifying it, or bookmarking a
transactional page. The use of a page-specific (non-sequential and non-predictable)
"Page Key" will hopefully prevent this.
Integrity: Fields that should not be modified are not modified. Important: any hidden or read-only
fields are not passed as form variables; instead, keep these at the server end and use the stored
values, not any values passed by HTML form fields. Do not assume that just because we do not list a
hidden field in the page source sent to the browser it won't in fact be passed back; it is quite
probable that a hacker might try to guess at internal variable names.
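The session-key / page-key scheme above (the two checks on a POST, the time-out and
the "redraw and ignore the post" response) and the replay and integrity points in this
section can be worked through in a small server-side store. The following is an added
example written for these notes, not Medusa code or any part of the GNU Enterprise
code base; the `SessionStore` class, its method names, the 900-second time-out and the
sample field names are all assumptions chosen for illustration. A plain dict stands in
for the GFInstance hash, and hidden/read-only fields live only in that server-side state:

```python
import secrets
import time

SESSION_TIMEOUT = 900  # seconds; an assumed value, not taken from the design notes


class SessionStore:
    """Server-side state for the session-key / page-key scheme.

    sessions:  session_key -> {"last_seen": timestamp, "page_key": current key or None}
    instances: session_key -> {"state": field values, "editable": set of field names}
    The "instances" hash stands in for the SessionKey:Instance (GFInstance) hash.
    """

    def __init__(self, timeout=SESSION_TIMEOUT, clock=time.time):
        self.timeout = timeout
        self.clock = clock          # injectable so time-outs can be tested deterministically
        self.sessions = {}
        self.instances = {}

    def new_session(self, initial_state, editable):
        """Create a session with an unpredictable key and server-held field values."""
        session_key = secrets.token_urlsafe(32)
        self.sessions[session_key] = {"last_seen": self.clock(), "page_key": None}
        self.instances[session_key] = {"state": dict(initial_state),
                                       "editable": set(editable)}
        return session_key

    def render_page(self, session_key):
        """Called every time a new page is generated: mint a fresh, non-sequential,
        non-predictable page key and remember it as the only valid one."""
        page_key = secrets.token_urlsafe(32)
        sess = self.sessions[session_key]
        sess["page_key"] = page_key
        sess["last_seen"] = self.clock()
        return page_key

    def handle_post(self, session_key, page_key, form):
        """Verify (1) the session is still active and (2) the posted page key is the
        last stored one. Returns (status, state) where status is one of
        "timeout", "replay" or "ok"."""
        sess = self.sessions.get(session_key)
        if sess is None or self.clock() - sess["last_seen"] > self.timeout:
            # (1) failed: drop whatever was stored and report the time-out.
            self.sessions.pop(session_key, None)
            self.instances.pop(session_key, None)
            return ("timeout", None)

        expected = (sess["page_key"] or "").encode()
        presented = (page_key or "").encode()
        if not secrets.compare_digest(presented, expected):
            # (2) failed: a stale, bookmarked or replayed page. Warn and redraw
            # the last known state, ignoring every posted value.
            return ("replay", dict(self.instances[session_key]["state"]))

        instance = self.instances[session_key]
        # Only fields the server considers editable are taken from the form.
        # Hidden/read-only fields are never read from the post, even if a client
        # guesses their names and sends them anyway; the stored values win.
        accepted = {k: v for k, v in form.items() if k in instance["editable"]}
        instance["state"].update(accepted)
        sess["last_seen"] = self.clock()
        sess["page_key"] = None   # the key is spent: this transaction can happen once
        return ("ok", dict(instance["state"]))


if __name__ == "__main__":
    # Constructed demo data: a transfer form where the account id is read-only.
    store = SessionStore()
    sk = store.new_session({"account_id": "ACC-1", "amount": "0"}, editable={"amount"})
    pk = store.render_page(sk)
    print(store.handle_post(sk, pk, {"amount": "50", "account_id": "ACC-999"}))
    print(store.handle_post(sk, pk, {"amount": "50"}))   # same page key again: replay
```

A second submission with the same page key is rejected even though the session is still
alive, which is the "back button" and "bookmarked page" case; the guessed `account_id`
field is silently dropped because it is not in the editable set; and a session whose
last activity is older than the time-out is removed together with its instance state.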
All triggers expected to fire are, in fact, fired, or at least a well-documented process of
executing triggers is established.