UHTML and Website Security

Protected against attacks

The mixture of HTML and progamming code in the same file is a common security hazard. UHTML eliminates this risk due to disjunction of the work areas of programmer and webdesigner.

UHTML leaves the basic HTML syntax of the webfiles unchanged. It just extends the tag set and uses the tags and parameters in the same proved way as pure HTML. There is no need to use the CGI-Interface to communicate between the webpage and the programm functions. This disposes a common weak point of dynamic websites primarly used for attacks.

Thanks to the clearly defined interface the programmer is able to build in a central control system to verify the integrity of external originated data. This allows to block any inconsistent data before it causes any damage. This protection against site injections remains in function while a possible future website extension. It makes upgrades more reliable and increases generally the stability of a website.

Opposite to many other technologies error messages are not displayed by default within the webpage. The use of errors for spying on the internal data structure of a website is impeded and the most common way to lay a website open to attack is useless.

Error messages in UHTML versus php