
How do I hide Worklight adapter procedures from client, but visible to the server?

I have a SQL Worklight Adapter with procedures that should not be exposed to anything except my http Worklight Adapter. I cannot have the procedures as private functions in the http adapter since you cannot mix SQL calls and HTTP calls in the same adapter.

I have considered defining a security test to only let invocations coming from the server use it. Is there a secure way to do this? Is there any other approach I should use?

I use Worklight 6.2.0 CLI version.

You could use a "poor-man's" security approach: code all your DB adapters to take an extra parameter, and require that parameter to take some value that only the server can supply.

Using a security-test can surely be made to work, I'm just not sure how much work it will be. So far as I know you don't have the ability on the server to install a ChallengeHandler, and hence use the simple authentication patterns in the tutorials. So I think you'd be into writing your own Realm.

My question would be whether there is real value in doing this. Suppose instead you just protected all your adapter procedures with the same security test (and that's much easier because the standard ChallengeHandler patterns work because the procedure client is in the WL.Client space). Now only clients authorised to use the HTTP adapters can use the SQL adapters. What extra privilege have they gained by going direct to the SQL adapter? If you are doing some additional security checks in the HTTP adapter perhaps this needs refactoring into the security layer or some common functions.
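The extra-parameter approach from the answer, sketched as an added example (not code from the original answer or from IBM). The adapter and procedure names, the `internal.adapter.token` property and the `WL` stub are assumptions made so the sketch runs outside a Worklight server.

```javascript
// --- Stand-in for the server-side WL.Server API so the sketch runs under Node. ---
// On a Worklight server WL.Server already exists; drop this stub there.
var WL = { Server: {
  // Constructed sample value; in a deployment this comes from worklight.properties.
  configuration: { "internal.adapter.token": "constructed-sample-token" },
  createSQLStatement: function (sql) { return sql; },
  invokeSQLStatement: function (o) {
    return { isSuccessful: true, resultSet: [{ id: o.parameters[0] }] };
  },
  invokeProcedure: function (o) {
    return ({ getAccount: getAccount })[o.procedure].apply(null, o.parameters);
  }
} };

var TOKEN_KEY = "internal.adapter.token"; // hypothetical property name

// Compare the full strings so timing does not reveal a matching prefix.
function sameToken(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) {
    return false;
  }
  var diff = 0;
  for (var i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

// --- SQL adapter (hypothetical name "AccountsSQL") ---
var getAccountStmt = WL.Server.createSQLStatement("SELECT id FROM accounts WHERE id = ?");

function getAccount(token, accountId) {
  var expected = WL.Server.configuration[TOKEN_KEY];
  // Fail closed: a missing server-side token rejects every caller.
  if (!expected || !sameToken(token, expected)) {
    return { isSuccessful: false, errors: ["not authorized"] };
  }
  return WL.Server.invokeSQLStatement({
    preparedStatement: getAccountStmt,
    parameters: [accountId]
  });
}

// --- HTTP adapter: the only caller that supplies the token ---
function getAccountForClient(accountId) {
  return WL.Server.invokeProcedure({
    adapter: "AccountsSQL",
    procedure: "getAccount",
    parameters: [WL.Server.configuration[TOKEN_KEY], accountId]
  });
}
```

The SQL procedure is still invocable by clients, so the token is the only gate: keep it out of client code and out of any response or log.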
