Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
examples:example4 [2009/10/20 16:10] aspectscript |
examples:example4 [2009/11/06 20:49] (current) aspectscript |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Access Control with Scoping Strategies ====== | ||
| + | |||
| Most modern Web applications allow third-party applications to provide extra | Most modern Web applications allow third-party applications to provide extra | ||
| functionality through an API. However, one of the most attractive features | functionality through an API. However, one of the most attractive features | ||
| Line 25: | Line 27: | ||
| < | < | ||
| - | | + | |
| + | < | ||
| + | <link href="/ | ||
| + | <script type=" | ||
| + | < | ||
| + | <iframe id=" | ||
| + | <a id=" | ||
| </ | </ | ||
| - | However, if the malicious application changes to: | + | \\ However, if the malicious application changes to: |
| <code java> | <code java> | ||
| Line 52: | Line 60: | ||
| It is not possible to identify the malicious action of the application anymore, because the access to the home link is indirect. A solution to this problem is deploy the aspect with a more expressive scoping definition by means of a scoping strategy. | It is not possible to identify the malicious action of the application anymore, because the access to the home link is indirect. A solution to this problem is deploy the aspect with a more expressive scoping definition by means of a scoping strategy. | ||
| - | The implementation follows: | + | The following window uses scoping strategies to avoid the indirect access to home link of the malicious application: |
| < | < | ||
| - | | + | < |
| + | <iframe id=" | ||
| + | <a id=" | ||
| </ | </ | ||