This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
776
|
Chapter 18: Securing Applications
Granting temporary access
In some cases, you may want to grant only temporary access to a resource. For exam-
ple, in the SharedText example in Chapter 13, a voluntary locking system was used
to control which client could update the component’s shared object. One way to
enforce locking, rather than having it based on cooperating clients, would be to
abandon having each client update the shared object directly. Every client would use
NetConnection.call( ) to request updates. If the server received an update request
from a client that did not have the shared text area locked, the server would ignore
the update request.
In many cases, using NetConnection.call( ) to send data that is checked over by the
server is the best and most secure approach. However, if the client is able to add,
delete, and update items, then it is possible to grant temporary access to each client
without imposing the potential performance penalty of handling all the data in
Server-Side ActionScript.
Example 18-18 shows the server-side SharedText.edit( ) method. It is very similar to
the one described in Chapter 13 with the difference that the addAccessPath( ) and
removeAccessPath( ) methods are used to provide one, and only one, client with
write access to the shared object.
Role-Based Remote Method Access
Any method attached to the server-side client object or Client.prototype is a poten-
tial security problem because it can be called directly by the Flash movie using Net-
Connection.call( ). For example, it might seem like a good design idea to attach, to a
client, a User object that includes all the methods an application needs for manipu-
lating user information:
client.user = new User(result);
Example 18-18. The SharedText.edit( ) method with access control
SharedText.prototype.edit = function (userName) {
var client = pfcs.getClient(userName);
var currentUser = this.so.getProperty("currentUser");
if (userName == currentUser) {
this.so.setProperty("currentUser", "");
this.removeAccessPath(client, "writeAccess", this.path);
}
else if (currentUser != "")
return;
else {
this.addAccessPath(client, "writeAccess", this.path);
this.so.setProperty("currentUser", userName);
}
};
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Authorization
|
777
However, there is always the danger that the Flash client will call a method that it
shouldn’t on the
client object. For example, if the User object has a method to pro-
mote the user to another role, you wouldn’t want a malicious user to promote him-
self to administrator using a hacked Flash client:
nc.call("user.promoteRole", null, "administrator");
Even when you do want a Flash client to be able to call a method on the server-side
client object, you must make sure a malicious user cannot do more than he should
be allowed to. For example, in a chat application, you don’t want the user to be able
to use a hacked Flash client to pretend to be someone else during a chat session.
A good way to minimize security threats with remote methods is to attach only proxy
methods to each server-side
client object individually when the client connects,
based on the client’s user roles. Each proxy method calls a component method and
passes on information about the client. The component method validates the infor-
mation and then acts on it.
In component-based applications, each component should be responsible for attach-
ing to the
client object a proxy object that contains methods for only that compo-
nent. That way, each component has its own object on the
client object, which it
can manage without interfering with other components. The addObjectPath( )
method of the server-side PFCSComponent class is designed to add a proxy object to
the client based on the unique path of each component. For example, a SharedText
component named
main would use the addObjectPath( ) method to add the pfcs.
SharedText.main
object path to the client object. The client.pfcs.SharedText.main
object is the SharedText component’s proxy object. When the client no longer needs
the SharedText component, the component can use the removeObjectPath( ) method
to delete the proxy object from
client. Example 18-19 shows both the addClient( )
and removeClient( ) methods of a SharedText component, which is based on
PFCSComponent and therefore inherits the addObjectPath( ) and removeObjectPath( )
methods.
Example 18-19. The server-side addClient( ) and removeClient( ) methods of the SharedText
component
SharedText.prototype.addClient = function (client) {
// Add remote methods to the client.
this.addObjectPath(client);
// Any client can ask to edit the messages shared object.
var thisComponent = this;
client.pfcs[this.className][this.name].edit = function ( ) {
thisComponent.edit(pfcs.getUserName(client));
};
// Only some clients can delete the current user on the messages
// shared object.
if (pfcs.clientInRoles(client, "administrator", "moderator", "presenter")) {
client.pfcs[this.className][this.name].unlock = function ( ) {
thisComponent.unlock(pfcs.getUserName(client));

Get Programming Flash Communication Server now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.