Macromedia flash media server 2-managing flash media server ユーザーズマニュアル
JavaScript security
219
By default, only the management console performs user authorization. When developing your
own media applications, you can decide whether to implement user authorization; some kinds
of applications need this capability while others do not. For example, when developing a
simple chat application, you might choose to create two different versions of your
Macromedia Flash client application. One version might be a chat participant version;
another might be a chat moderator version, with additional functionality built in, such as the
ability to edit users’ posts or disconnect users. Using server-side ActionScript, you can define
which users are able to connect with the moderator version of the application (SWF file).
own media applications, you can decide whether to implement user authorization; some kinds
of applications need this capability while others do not. For example, when developing a
simple chat application, you might choose to create two different versions of your
Macromedia Flash client application. One version might be a chat participant version;
another might be a chat moderator version, with additional functionality built in, such as the
ability to edit users’ posts or disconnect users. Using server-side ActionScript, you can define
which users are able to connect with the moderator version of the application (SWF file).
As an additional security feature, the management console actually connects to the Flash
Admin Service, which then communicates with the server service to perform administration
tasks.
Admin Service, which then communicates with the server service to perform administration
tasks.
JavaScript security
This release of Flash Media Server adds support for custom third-party pods. Pods are
essentially a combination of user interface elements that, along with client and server-side
ActionScript code, extend the features and functionality of Flash Media Server. There are
security implications in using pods, since the pod code is not as tightly controlled as the main
Flash Media Server application.
essentially a combination of user interface elements that, along with client and server-side
ActionScript code, extend the features and functionality of Flash Media Server. There are
security implications in using pods, since the pod code is not as tightly controlled as the main
Flash Media Server application.
Flash Media Server enforces script security when using pods by limiting its execution only to
the application into which it is included and by ensuring that its code does not adversely
affect or compromise the content of other applications.
the application into which it is included and by ensuring that its code does not adversely
affect or compromise the content of other applications.
JavaScript security support consists of secure script loading and protected objects. Script code
is loaded before the main application. This strategy hides user-defined objects behind
restrictive C wrapper objects, which protects their methods and data from being inspected or
manipulated. An application developer can implement system calls to protect critical data and
functions, such as the built-in
is loaded before the main application. This strategy hides user-defined objects behind
restrictive C wrapper objects, which protects their methods and data from being inspected or
manipulated. An application developer can implement system calls to protect critical data and
functions, such as the built-in
global load()
and
setVirtualPath()
functions.