MACROMEDIA BREEZE-USING THE BREEZE XML WEB SERVICES, Руководство пользователя

Страница: 17 / 196

About security 17
session
A session of a meeting. A session begins when someone enters an empty meeting and
ends when all attendees leave the meeting.
archive
An archived meeting.
attachment
A file shared using the file-sharing pod within a meeting.
pod
A plug-in for a meeting.
logos
An image (such as a corporate logo) that can be attached to content such as
presentations.
Each principal and SCO has a unique ID number. When you call an action that uses an entity’s
ID as a parameter, the parameter name indicates what kind of entity the ID belongs to, but the
ID remains the same, regardless of the parameter name. Parameter names for IDs include
acl-id
,
folder-id
,
group-id
,
parent-acl-id
,
principal-id
,
sco-id
, and
user-id
.
For example, to update a user’s password, call the
user-update-pwd
action, and give the user’s ID
as the
user-id
parameter. To determine a user’s name, call the
principal-info
action, and give
the user’s ID as the
principal-id
parameter.
There are a few other kinds of IDs, such as
account-id
,
answer-id
,
permission-id
, and
question-id
. But in most cases, a parameter name that ends in
-id
indicates that the parameter’s
value is either a principal’s ID or a SCO’s ID.
About security
The security model in Breeze ensures that any code calling a given action is authorized to do so.
Almost every action call must include a cookie that represents a specific logged-in user. In Breeze
4.0, almost every action call must also include an access key.
In Breeze 4.1, you do not need to pass the
accesskey
parameter. However, passing the
accesskey
parameter in Breeze 4.1 is not harmful, it is ignored.
In Breeze 4.0, the access key (also called a connection key ) is a code that prevents unauthorized use
of the server. Every action (including
login
) requires an access key, which you specify as a
parameter named
accesskey
. Access keys are case-sensitive. To locate your access key, see “Access
keys for Macromedia Breeze hosted (ASP) customers” on page 18 and “Access keys for
Macromedia Breeze Enterprise (licensed) customers” on page 18 .
To call most actions, you must be acting as a particular logged-in user, so you must call the
login
action before you can perform most other actions. (The exceptions, which are the actions you can
call without logging in, are
Action Reference
,
action-list
,
common-info
,
login
, and
user-
accounts
.)
When you log in, the Breeze server returns XML results, which indicate a successful login. The
HTTP headers of those results include a cookie called BREEZESESSION. When you receive the
results of a
login
call, you must save the value of that cookie for later use. You must include that
cookie’s value in every subsequent request that you make as that logged-in user. For examples of
how to do this, see
Chapter 3, “Common Tasks,” on page 27 .