contents   index   previous   next



Usually it is enough to specify which functions you want to allow to be called in the jseSecurityInit function and leave it at that. There can be cases in which you want to allow a function to be called with certain parameters but reject it with others. For instance, you may want to limit creating sockets to certain ports or limit opening files to certain filenames. You specify jseSecureGuard for the setSecurity() options for these functions, and before they can be called, your jseSecurityGuard function will first be called to validate this call.


Here is an example:


function jseSecurityGuard(security_var, func, filename)


   if( func==Clib.fopen )


      /* get the full path so the user can't trick us with

      * something like: 'c:\\temp\\..\\windows\\win.ini'


      var actualname = SElib.fullpath(filename);


      /* We only want to allow files in this directory

      *to be opened.


      return Clib.strnicmp("c:\\temp\\",actualname,8)==0;




      return false;




This function, like the other two, gets the security variable as its first parameter. Again, we will describe that shortly. The second parameter is the actual function being called. In this example, we compare it to Clib.fopen() so that we can validate a call to Clib.fopen(). The security guard function must return true to allow the call or false to disallow it. In this case, we return false if it is not Clib.fopen(). Presumably, we only label Clib.fopen() as jseSecureGuard, so only Clib.fopen() will be using this guard function.


We include the else clause because it is always a good idea to cover all bases. If it is something we do not expect, we just say no. This is good programming practice in general. If the parameters are not what you expect, even if you think it is impossible for them not to be, still do something sensible even if that turns out not to be the case.


Notice that this function has a third parameter, filename. All of the parameters that are being passed to the called function are also passed to the security guard function after the two parameters it always gets. The first parameter to the called function is the third to security guard, the second we receive as our fourth, and so on. This allows us to examine the parameters that the function will get when deciding if we want to allow the call. In fact, there would be little point in not examining the parameters. If we are always going to reject or accept a particular call regardless of the parameters, we can instead just set that up in the jseSecurityInit function.


Perceptive readers will note that Clib.fopen() actually takes two parameters, but we have only named one of them. In JavaScript, you can pass extra parameters to script functions, more than are named in the parameter list. These parameters are still there and can be accessed using the arguments object. In this case, filename is the same as arguments[2], and we could have referred to it that way. The file mode parameter to Clib.fopen() will also be passed to us. We can refer to it as arguments[3], or we can name it in the parameter list if we need to check it as well.


This example checks the name and only allows file access in the C:\temp\ directory. We could limit it in any way we choose, this is just one possibility.