Results 1 to 2 of 2

Hybrid View

  1. #1
    Member
    Join Date
    Jan 2010
    Location
    Copenhagen
    Posts
    1

    Client validation inside subscribe call

    Is there any way to identify which client session/user is calling the subscribe method of a DataAdapter?
    For instance, in the MessengerDemo, when a user subscribes to messages to himself, it is done with the "im_<nick>" item. This is defined by the client, so it would be pretty easy for a user to subsititue someone else's nick and thereby subscribe to another's messages instead of their own.
    Now, I already verify the identity of the client in the notifyUser method in the metadataAdapter, is there any way to use the validated user/session information from there in the subscribe method, so I can allow users to only subscribe to their own feed?

  2. #2
    Administrator
    Join Date
    Jul 2006
    Location
    Milan
    Posts
    975
    There is no risk that a client cheats by using an item name dedicated to another client, because the Metadata Adapter can validate the request against user information in getItems.
    For the same reason, you don't need to have the client use client-specific item names, because you can decorate the item names with client information in getItems (despite we opted for the former technique in the Messenger demo).

    On the other hand, thanks to the level of decoupling offered by getItems, we choose not to provide session/user information to the Data Adapter.
    The Data Adapter has to find all the information needed to determine the item meaning packed in the item name it receives through subscribe
    and it is the job of getItems ensuring that the item names are composed in the proper way.

 

 

Similar Threads

  1. Automatic subscribe to different items
    By abhijeetgk in forum Adapter APIs
    Replies: 1
    Last Post: September 28th, 2011, 11:53 AM
  2. Non-blocking IDataProvider.Subscribe
    By bartol82 in forum Adapter APIs
    Replies: 1
    Last Post: August 30th, 2011, 11:15 AM
  3. Replies: 2
    Last Post: December 24th, 2010, 08:51 AM
  4. dynamically subscribe items
    By rd2008 in forum General
    Replies: 9
    Last Post: October 10th, 2008, 11:38 AM
  5. subscribe to items not using threads
    By nagakumaran in forum Adapter APIs
    Replies: 6
    Last Post: October 16th, 2007, 03:11 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT +1. The time now is 05:20 PM.