XPLATFORM supports a security policy based on the concept of a Sandbox.
Security here means protecting the resources of a PC (folders/files) from attackers who try to steal or destroy them without the consent of the PC’s owner. This chapter deals with the Sandbox-related security policy provided by XPLATFORM and how it is applied.
The following terms are used in this chapter.
Sandbox
A sandbox runs a program inside a protected area; it is a security model that prevents harmful effects from outside elements. The name comes from the expression ‘Do not let your child get out of the sandbox.’ In this model a program coming from outside is run only inside the protected area, the sandbox, which is isolated from other files and processes, and operations from inside the sandbox on the outside are prohibited.
Personal folder
It is the personal folder of the OS login user. For MS Windows it refers to “My Documents”, and for Linux it refers to the user’s home folder.
Domain
For example, for the URL www.tobesoft.com/xplatform/a.xml the domain is www.tobesoft.com.
Domain specification URL
It refers to a URL that specifies a domain, in the form www.tobesoft.com/xplatform/a.xml.
IP specification URL
It refers to a URL that specifies an IP address, in the form 127.0.0.1/xplatform/a.xml.
D Class
For a Domain specification URL, for example www.tobesoft.com, it refers to the “*.tobesoft.com” part of the domain.
For an IP specification URL, for example “127.0.0.1”, it refers to the “127.0.0.*” part of the IP address.
Security policy
All rights over security belong to the user (the PC owner). Therefore, when a protected resource (folder/file) of the PC is accessed, the rule is that XPLATFORM shows a ‘user check pop up’ and obtains the user’s approval. The ‘user check pop up’ notifies the user that an unsafe file is about to be accessed and lets the user choose whether or not to allow access to the files and subfolders within the folder.
Security application targets
Folders (example: \) and files on the user’s PC, excluding personal folders (regardless of the security level, the ‘user check pop up’ is not shown for personal folders; they are freely accessible from projects).
URLs used for socket communication.
Engine-update related URLs (the ADL engineurl and the Type Definition updateurl).
(Service URLs, form URLs and so on, and general folders that are unrelated to access to PC resources, can be checked by the user and are therefore not subject to protection.)
Security management method
The project administrator manages security by setting the Sandbox Option (security level and related functions) provided by XPLATFORM. As a rule, setting the Sandbox Option does not affect project development.
Security level setting rights
The right to set the security level is given only to the project manager.
Therefore only the project manager sets security levels, and developers must not be allowed to adjust them arbitrarily.
Security level setting unit
The unit of security level setting is the ADL. Therefore, security levels can be adjusted only in the ADL.
Types and roles of security level
XPLATFORM provides two security levels, “Private” and “All”.
private
Only limited resources can be accessed.
Folders other than personal folders are not accessible.
Of the URLs, only those in the D Class of the ADL URL are accessible.
All
All resources can be accessed.
However, this is only after XPLATFORM has shown the ‘user check pop up’ and the user has confirmed.
The table below summarizes this information.

Security Level | Target type | Security application target | User check pop up | Accessibility
---|---|---|---|---
Private | Folder | Personal folder | X | o
Private | Folder | Other folders | X | x
Private | URL | D Class URL | X | o
Private | URL | Other URL | X | x
All | Folder | Personal folder | X | o
All | Folder | Other folders | O | o
All | URL | D Class URL | X | o
All | URL | Other URL | O | o
As a rule, the path specification method for security functions is the same as that of the web, to maintain compatibility with the XPLATFORM HTML5 version.
Specific security policy
The project manager sets the filesecurelevel or networksecurelevel property of the ADL to ‘private’ or ‘all’. (The default is ‘private’.)
The application object exposes these properties read-only, so the developer cannot modify them arbitrarily from script. Therefore, once the ADL has loaded and the property value has been set, the value cannot be altered while the program is running.
For ‘private’, when a folder or URL that is subject to security application is accessed, no ‘user check pop up’ appears and access is impossible. For ‘all’, when a folder or URL that is subject to security application is accessed, XPLATFORM shows the ‘user check pop up’, and access is permitted only if the user approves.
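As an added illustration (not XPLATFORM’s own code), the following Python models the decision table above: it computes the D Class of a domain or IP as defined at the start of this chapter, checks whether a path lies inside the personal folder, and returns whether access is possible and whether the ‘user check pop up’ is shown for a given level. The personal-folder path and the two-label domain rule are assumptions for the example.

```python
# Added example modelling the XPLATFORM sandbox decision table; not TOBESOFT's code.
import ipaddress
from pathlib import PurePosixPath, PureWindowsPath
from typing import NamedTuple
from urllib.parse import urlsplit

class Decision(NamedTuple):
    allowed: bool   # access possible (for 'all' with a pop-up: only after the user approves)
    popup: bool     # whether the 'user check pop up' is shown

def host_of(url: str) -> str:
    """Domain or IP part of a URL written as on this page, e.g. www.tobesoft.com/xplatform/a.xml."""
    if "://" not in url:
        url = "http://" + url          # the page writes URLs without a scheme
    return (urlsplit(url).hostname or "").lower()

def d_class(host: str) -> str:
    """D Class per the definitions above: 127.0.0.1 -> '127.0.0.*', www.tobesoft.com -> '*.tobesoft.com'."""
    try:
        ipaddress.IPv4Address(host)
        return ".".join(host.split(".")[:3]) + ".*"
    except ipaddress.AddressValueError:
        labels = host.split(".")       # assumption: the last two labels form the domain
        return "*." + ".".join(labels[-2:]) if len(labels) >= 2 else host

def under_personal_folder(path: str, personal_folder: str) -> bool:
    """True when path is the OS login user's personal folder or lies inside it."""
    cls = PureWindowsPath if ("\\" in path or ":" in path) else PurePosixPath
    p, home = cls(path), cls(personal_folder)
    return p == home or home in p.parents

def _apply(level: str, protected: bool) -> Decision:
    """Core of the table: targets outside the protected set are always open, with no pop-up."""
    if not protected:
        return Decision(allowed=True, popup=False)
    if level == "private":
        return Decision(allowed=False, popup=False)
    if level == "all":
        return Decision(allowed=True, popup=True)
    raise ValueError(f"unknown security level {level!r}")

def file_access(filesecurelevel: str, path: str, personal_folder: str) -> Decision:
    """VirtualFile access: only folders outside the personal folder are protected."""
    return _apply(filesecurelevel, not under_personal_folder(path, personal_folder))

def network_access(networksecurelevel: str, adl_url: str, target_url: str) -> Decision:
    """TCPClientSocket access: only URLs outside the D Class of the ADL URL are protected."""
    same = d_class(host_of(adl_url)) == d_class(host_of(target_url))
    return _apply(networksecurelevel, not same)
```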
To allow full-screen processing (for example blurring) before the ‘user check pop up’ appears, the ADL provides the on Before User Confirm event.
The message shown in the ‘user check pop up’ can be changed by editing the contents of ‘errordefine.xml’.
In a URL, ‘/’ refers to the root of the domain in which the XML is located, so it resolves to the same domain path as it does in a web browser.
On a PC, ‘/’ means the root of the drive that contains the Windows system folder. (On Linux, “/” means the root directory.)
“./” means the current path. However, in a PC path used with the VirtualFile component, ‘/’ means the ‘personal folder’.
As a rule, web policies are followed for anything not mentioned above.
Security application methods
The specific cases in which XPLATFORM could be used to steal or destroy resources on a user’s PC are: accessing the user’s PC resources with FileDialog or VirtualFile, and sending the user’s PC resources out with the TCPClientSocket component.
When using File Dialog component
FileDialog poses no security risk, because the folders and files are selected by the user and cannot be chosen arbitrarily by the developer. Therefore, with FileDialog, access to folders/files is possible regardless of the security level.
When using VirtualFile
The project manager sets the filesecurelevel property of the ADL to ‘private’ or ‘all’. (The default is ‘private’.)
When set to ‘private’, folders other than personal folders cannot be accessed; when set to ‘all’, XPLATFORM shows the ‘user check pop up’. application.filesecurelevel is read-only, so this value cannot be altered after the ADL has loaded.
The message shown in the ‘user check pop up’ can be changed in “errordefine.xml”. If screen processing is needed before this pop-up appears, code it in the on Before User Confirm event of the ADL.
When using TCPClientSocket component
The project manager sets the networksecurelevel property of the ADL to ‘private’ or ‘all’. (The default is ‘private’.)
For URLs outside the D Class of the ADL URL, access is impossible when set to ‘private’; when set to ‘all’, XPLATFORM shows the ‘user check pop up’.
application.filesecurelevel is read-only, so this value cannot be altered after the ADL has loaded.
Changing the message of the ‘user check pop up’ and performing screen processing before it appears work the same way as with the VirtualFile component.
Others
To prevent the XPLATFORM engine from being replaced by another program during setup, engineurl and updateurl, the URLs used for XPLATFORM updates, are accessible only when they belong to the same domain as the ADL, regardless of the security level.