examples:example4

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
examples:example4 [2009/10/20 12:50]
aspectscript 		examples:example4 [2009/10/26 16:22]
aspectscript
Line 1: Line 1:
 +====== Access Control with Scoping Strategies ======
 +
 Most modern Web applications allow third-party applications to provide extra Most modern Web applications allow third-party applications to provide extra
 functionality through an API. However, one of the most attractive features functionality through an API. However, one of the most attractive features
Line 25: Line 27:
  
 <html> <html>
-    <iframe src="/aspectscript/external/aspectscript/paperExamples/example4-1" width="815" height="320"></iframe>+ 
 +<html> 
 +<link href="/aspectscript/external/aspectscript/paperExamples/style.css" rel="stylesheet" type="text/css"/> 
 +  <script type="text/javascript" language="javascript" src="/aspectscript/external/aspectscript/paperExamples/lib.js"> </script> 
 +   <iframe id="example1" src="/aspectscript/external/aspectscript/paperExamples/example4-1" width="815" height="370"></iframe>     
 +    <iframe id="code1" style="display:none" src="/aspectscript/external/aspectscript/paperExamples/example4-1/script.js" width="815" height="370"></iframe> 
 +   <a id="button" class="button" onclick="toggle('code1','example1')"> <span>See the code or example </span></a>
 </html> </html>
  
-However, if the malicious application changes to:+\\ However, if the malicious application changes to: 
 <code java> <code java>
 var maliciousApplication = { var maliciousApplication = {
-  // ... as above+  fakeURL : '123.45.56.78/facebook.com',
   action : function() {   action : function() {
      setHomeLink(this.fakeURL) ; // indirect modification      setHomeLink(this.fakeURL) ; // indirect modification
 +} };
 +</code>
 +
 +Or to:
 +
 +<code java>
 +var maliciousApplication = {
 +  fakeURL : '123.45.56.78/facebook.com',
 +  action : function() {
    // modification scheduling in 100 ms    // modification scheduling in 100 ms
    var fakeURL = this.fakeURL;    var fakeURL = this.fakeURL;
Line 40: Line 58:
 </code> </code>
  
-It is not possible to identify the malicious action of the application. A solution to this problem is to use a more expressive scoping for deployment of the aspect+It is not possible to identify the malicious action of the application anymore, because the access to the home link is indirect. A solution to this problem is deploy the aspect with a more expressive scoping definition by means of a scoping strategy.
  
 The implementation follows: The implementation follows:
 +
  
 <html> <html>
-    <iframe src="/aspectscript/external/aspectscript/paperExamples/example4-2" width="815" height="320"></iframe>+<link href="/aspectscript/external/aspectscript/paperExamples/style.css" rel="stylesheet" type="text/css"/> 
 +  <script type="text/javascript" language="javascript" src="/aspectscript/external/aspectscript/paperExamples/lib.js"> </script> 
 +   <iframe id="example2" src="/aspectscript/external/aspectscript/paperExamples/example4-2" width="815" height="370"></iframe>     
 +    <iframe id="code2" style="display:none" src="/aspectscript/external/aspectscript/paperExamples/example4-2/script.js" width="815" height="370"></iframe> 
 +   <a id="button" class="button" onclick="toggle('code2','example2')"> <span>See the code or example </span></a>
 </html> </html>
  
  • examples/example4.txt
  • Last modified: 2009/11/06 16:49
  • by aspectscript