Secure script loading
The Flash Media Server script security model enables one to limit the exposure to potentially
malicious or buggy third-party code that may be included on the server side. An example
would be an extensible application where users could download third-party plug-ins or
components, then load or evaluate them in the application. If you are concerned that such
plug-ins or components may compromise the system, you can apply the script security model
to restrict them. The script security model is not designed to detect or prevent error
conditions such as an infinite loop in third-party code, but it is useful for preventing or
limiting certain potentially dangerous functionality such as the ability to make arbitrary
connections, and read/write file objects.
Script security is probably not applicable for most applications, but it can be very valuable to
anyone building dynamically extensible applications—the kind that loads and evaluates code
from external sources.
When an application is started, it first looks for and loads the file secure.asc. During this
period of time, it makes the APIs protectObject() and getGlobals() available. These may
be used to manipulate global functions, classes and objects in a way that is not possible during
normal application execution. Once Flash Media Server is done loading secure.asc, it
makes these APIs unavailable. It then proceeds to load main.asc and other scripts in the
normal manner.
For example, if you wanted to implement an ID generator that must generate ever-increasing
numbers for IDs, then you would add a function like the following in your main.asc script.
Example
idGen = {};
idGen._nextID = 0;
idGen.nextID = function() { return this._nextID++; }
This example suffices for generating IDs. However any part of the script can easily redefine
the nextID() function or directly modify the _nextID value. There was no way to prevent
redefinition in the previous versions of Flash Media Server. With the script security model,
however, you simply add the code for the generator into secure.asc.
// Begin secure.asc
trace( "loading secure.asc" ) ;
var global = getGlobal(); // grab the global object
var idgen = {};
idgen._nextID = 0;
idgen.nextID = function() { return this._nextID++; }
// Create a protected object out of idgen and make it
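The redefinition problem described above, as an added example that is not part of the original manual and is written in standard JavaScript (Node.js) rather than Server-Side ActionScript. protectObject() exists only inside Flash Media Server, so the hardened variant uses a closure plus Object.freeze() as a stand-in; makeOpenIdGen, makeSealedIdGen, untrustedPlugin and the other helper names are hypothetical.

```javascript
// Added example: standard JavaScript, not Flash Media Server code.
// Assumption: closure + Object.freeze() stands in for protectObject().
"use strict";

// Generator as written for main.asc: state and method are plain properties.
function makeOpenIdGen() {
  const idGen = {};
  idGen._nextID = 0;
  idGen.nextID = function () { return this._nextID++; };
  return idGen;
}

// Hardened stand-in: the counter lives in a closure and the object is frozen,
// so callers can neither reach the state nor swap the method.
function makeSealedIdGen() {
  let next = 0;
  return Object.freeze({ nextID() { return next++; } });
}

// Hypothetical third-party plug-in: rewinds the counter and replaces nextID().
// On a frozen object each write is rejected (TypeError in strict mode).
function untrustedPlugin(gen) {
  try { gen._nextID = 0; } catch (e) { /* write rejected */ }
  try { gen.nextID = function () { return 0; }; } catch (e) { /* write rejected */ }
}

// Draw two IDs, let the plug-in run, then draw two more.
function idsAroundPlugin(gen) {
  const ids = [gen.nextID(), gen.nextID()];
  untrustedPlugin(gen);
  ids.push(gen.nextID(), gen.nextID());
  return ids;
}

// The property the generator must keep: every ID is larger than the previous one.
function strictlyIncreasing(ids) {
  return ids.every((v, i) => i === 0 || v > ids[i - 1]);
}

const openIds = idsAroundPlugin(makeOpenIdGen());
const sealedIds = idsAroundPlugin(makeSealedIdGen());
console.log("main.asc style :", openIds, "increasing:", strictlyIncreasing(openIds));
console.log("sealed stand-in:", sealedIds, "increasing:", strictlyIncreasing(sealedIds));
```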
Flash Media Server Security