DEV Community

Tannu Daral
Tannu Daral

Posted on

Are Websites and Web Applications Different?

Yes, absolutely. Certain characteristics set one apart from the other.

1. Interactivity
A website provides visual and text content that the user can see and read, but not alter in any way. While in the case of a web application, user can read the page content and manipulate the data on this page. The interaction can take place in:

  1. User clicks a button or,
  2. User submits a form and gets a response from the page. This response may take a form of a document download, online chat, electronic payment and more.

It is rare to find a website today without any evidence of interactivity. The majority of modern websites contain small web application elements. For example, on a restaurant website, a Google Maps widget may show how to get to the restaurant. However, the ratio between informational content and interactivity tends to be biased towards the former for websites. It is rare for a website to have many interactive elements, and people typically just read, watch or listen to information. Web applications are the opposite since their core functionality is based on interaction.

2. Aunthetication
Aunthetication and Authorization
Authentication is the process of entering a user's login and password to gain access to a system. It is a must for web software that requires any personal information. User accounts must be secured to prevent unauthorized access and leakage of sensitive data.

The majority of web applications require authentication since they offer more options than websites. Take social networks, for instance. You receive a unique identification number when you register, along with an account. If you use a weak login or password, the system will warn you. If you leave them unchanged, hackers might gain access to your account, steal your information, and annoy other users with junk emails.

3. Complexity
Complexity of Web Development
The website will only display the collected information and data if the user searches that page.
Web applications have higher and more complex functions compared to websites.

The process of creating a website is relatively simple. But creating a web application requires a deeper understanding, more experience, and more planning.

Top comments (1)

yoshida profile image
Masao Yoshida

I haven't thought authentication would separate web apps and websites.
By the way, I will attach more detailed description about authentication and authorization from .

In simple terms, authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.
Comparing these processes to a real-world example, when you go through security in an airport, you show your ID to authenticate your identity. Then, when you arrive at the gate, you present your boarding pass to the flight attendant, so they can authorize you to board your flight and allow access to the plane.

Differences between authentication and authorization:

  • Authentication determines whether users are who they claim to be, while authorization determines what users can and cannot access.
  • Authentication challenges the user to validate credentials (for example, through passwords, answers to security questions, or facial recognition), while authorization verifies whether access is allowed through policies and rules.
  • Usually, authentication done before authorization, while authorization done after successful authentication.
  • Generally, authentication transmits info through an ID Token, while authorization transmits info through an Access Token.
  • Generally, authentication governed by the OpenID Connect (OIDC) protocol, while authorization governed by the OAuth 2.0 framework.

For example, employees in a company are required to authenticate through the network before accessing their company email, and after an employee successfully authenticates, the system determines what information the employees are allowed to access.

In short, access to a resource is protected by both authentication and authorization. If you can't prove your identity, you won't be allowed into a resource. And even if you can prove your identity, if you are not authorized for that resource, you will still be denied access.

It would appreciate if this comment could help your understanding even a little.