About Security - MACROMEDIA BREEZE-USING THE BREEZE XML WEB SERVICES Use Manual

A session of a meeting. A session begins when someone enters an empty meeting and
session
ends when all attendees leave the meeting.
An archived meeting.
archive
A file shared using the file-sharing pod within a meeting.
attachment
A plug-in for a meeting.
pod
An image (such as a corporate logo) that can be attached to content such as
logos
presentations.
Each principal and SCO has a unique ID number. When you call an action that uses an entity's
ID as a parameter, the parameter name indicates what kind of entity the ID belongs to, but the
ID remains the same, regardless of the parameter name. Parameter names for IDs include
,
folder-id group-id
For example, to update a user's password, call the
as the parameter. To determine a user's name, call the
user-id
the user's ID as the
There are a few other kinds of IDs, such as
. But in most cases, a parameter name that ends in
question-id
value is either a principal's ID or a SCO's ID.

About security

The security model in Breeze ensures that any code calling a given action is authorized to do so.
Almost every action call must include a cookie that represents a specific logged-in user. In Breeze
4.0, almost every action call must also include an access key.
In Breeze 4.1, you do not need to pass the
parameter in Breeze 4.1 is not harmful, it is ignored.
accesskey
In Breeze 4.0, the access key (also called a connection key) is a code that prevents unauthorized use
of the server. Every action (including
parameter named
keys for Macromedia Breeze hosted (ASP) customers" on page 18
Macromedia Breeze Enterprise (licensed) customers" on page
To call most actions, you must be acting as a particular logged-in user, so you must call the
action before you can perform most other actions. (The exceptions, which are the actions you can
call without logging in, are
.)
accounts
When you log in, the Breeze server returns XML results, which indicate a successful login. The
HTTP headers of those results include a cookie called BREEZESESSION. When you receive the
results of a
login
cookie's value in every subsequent request that you make as that logged-in user. For examples of
how to do this, see
,
parent-acl-id
parameter.
principal-id
login
. Access keys are case-sensitive. To locate your access key, see
accesskey
Action Reference
call, you must save the value of that cookie for later use. You must include that
Chapter 3, "Common Tasks," on page
, ,
principal-id sco-id
user-update-pwd
,
account-id answer-id
parameter. However, passing the
accesskey
) requires an access key, which you specify as a
18.
,
action-list
27.
, and .
user-id
action, and give the user's ID
action, and give
principal-info
,
permission-id
indicates that the parameter's
-id
and "Access keys for
, ,
common-info login
About security
,
acl-id
, and
"Access
login
, and
user-
17