Manualshelf

User Guide

ManualsBrandsMacromedia ManualsOtherFLASH MEDIA SERVER 2-DEVELOPING MEDIA APPLICATIONS
919293949596979899100
Protecting scripts from third-party code 97
This section provides information about creating protected objects (also called system objects)
and provides examples of how to make both synchronous and asynchronous calls to those
objects.
Understanding system objects
A system object is a built-in or user-defined object wrapped in C-layer code that protects the
object from application code. All calls made on the system object are passed through the C
wrapper; the object can never be accessed or inspected directly.
You create server-side system objects in a secure.asc (or secure.js or secure.ase) file that you
place in the application folder. When an application loads, Flash Media Server looks for this
file and loads it automatically before it processes any other server-side script files.
In Flash Media Server 2, script execution is divided into two modes: secure and normal. In
secure mode, only the secure.asc file (if it exists) is loaded and evaluated—no other
application scripts are loaded. After the secure.asc file is loaded, the server switches to normal
script execution mode until the application is unloaded.
In secure script execution mode, the global
getGlobal() and protectObject() functions
are available. These functions let you create system objects.
In normal script execution mode, the rest of the server-side scripts are loaded and evaluated, as
well as any third-party code. The
getGlobal() and protectObject() global functions are
not available in normal mode, which prevents third-party code from accessing them.
For more information on
getGlobal() and protectObject(), see their entries in the Server-
Side ActionScript Language Reference.
All the methods defined on a system object are protected and therefore can be considered
privileged. Flash Media Server does not explicitly maintain privilege levels, however. You can
use protected objects to implement any security model, for example:
System calls
Privilege rings
Access control lists (ACLs)
NOTE
The number of system objects is unlimited; any object that is protected by a call to
the
protectObject() function is a system object.