examples:example4

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
examples:example4 [2009/10/20 15:50]
aspectscript 		examples:example4 [2009/11/06 20:49] (current)
aspectscript
Line 1: Line 1:
 +====== Access Control with Scoping Strategies ======
 +
 Most modern Web applications allow third-party applications to provide extra Most modern Web applications allow third-party applications to provide extra
 functionality through an API. However, one of the most attractive features functionality through an API. However, one of the most attractive features
Line 25: Line 27:
  
 <html> <html>
-    <iframe src="/aspectscript/external/aspectscript/paperExamples/example4-1" width="815" height="320"></iframe>+ 
 +<html> 
 +<link href="/aspectscript/external/aspectscript/paperExamples/style.css" rel="stylesheet" type="text/css"/> 
 +  <script type="text/javascript" language="javascript" src="/aspectscript/external/aspectscript/paperExamples/lib.js"> </script> 
 +   <iframe id="example1" src="/aspectscript/external/aspectscript/paperExamples/example4-1" width="815" height="370"></iframe>     
 +    <iframe id="code1" style="display:none" src="/aspectscript/external/aspectscript/paperExamples/example4-1/script.js" width="815" height="370"></iframe> 
 +   <a id="button" class="button" onclick="toggle('code1','example1')"> <span>Toggle between the code and example </span></a>
 </html> </html>
  
-However, if the malicious application changes to:+\\ However, if the malicious application changes to: 
 <code java> <code java>
 var maliciousApplication = { var maliciousApplication = {
-  // ... as above+  fakeURL : '123.45.56.78/facebook.com',
   action : function() {   action : function() {
      setHomeLink(this.fakeURL) ; // indirect modification      setHomeLink(this.fakeURL) ; // indirect modification
 +} };
 +</code>
 +
 +Or to:
 +
 +<code java>
 +var maliciousApplication = {
 +  fakeURL : '123.45.56.78/facebook.com',
 +  action : function() {
    // modification scheduling in 100 ms    // modification scheduling in 100 ms
    var fakeURL = this.fakeURL;    var fakeURL = this.fakeURL;
Line 40: Line 58:
 </code> </code>
  
-It is not possible to identify the malicious action of the application. A solution to this problem is to use a more expressive scoping for deployment of the aspect+It is not possible to identify the malicious action of the application anymore, because the access to the home link is indirect. A solution to this problem is deploy the aspect with a more expressive scoping definition by means of a scoping strategy.
  
-The implementation follows:+The following window uses scoping strategies to avoid the indirect access to home link of the malicious application:
  
 <html> <html>
-    <iframe src="/aspectscript/external/aspectscript/paperExamples/example4-2" width="815" height="320"></iframe>+   <iframe id="example2" src="/aspectscript/external/aspectscript/paperExamples/example4-2" width="815" height="370"></iframe>     
 +    <iframe id="code2" style="display:none" src="/aspectscript/external/aspectscript/paperExamples/example4-2/script.js" width="815" height="370"></iframe> 
 +   <a id="button" class="button" onclick="toggle('code2','example2')"> <span>Toggle between the code and example </span></a>
 </html> </html>
  
  • examples/example4.1256053829.txt.gz
  • Last modified: 2009/10/20 15:50
  • by aspectscript