[Cover] [Previous Section] [Next Section] [Index]
Current chapter: Doing More with HDML
Section 20 out of 67 total sections , Section 7 out of 7 sections in this chapter

HDML access control

When you incorporate a URL into an activity--for example by requesting it with a GO task--you gain access to any variables it uses. This poses a potential security risk. To allow you to control this risk, HDML and the UP.Browser support access control, which allows you to specify which URLs can incorporate a URL into an activity.

The default settings for access control allow you to incorporate any URLs on the same domain into an activity. For example, the two decks in Figure 2-16 are located in different directories. However, because they are hosted on the same domain, the default access control settings allow you to create an activity that spans both decks.

FIGURE  2-16.     Activity that spans decks in different directories

Suppose the domain of the second deck were different from the domain of the first deck, as shown in Figure 2-17. The default access control settings do not allow the first deck to include the second deck in the same activity. When the user presses ACCEPT in the first deck, the phone displays an error message (the detailed message is: "Access Control Error").

FIGURE  2-17.     Activity that unsuccessfully attempts to span decks on different domains

Generally, you don't need to change the default access control settings unless:

To configure access control, you use the following HDML options:

For example, to make the activity in Figure 2-17 work correctly, you could either set the PUBLIC option for deck2.hdml to TRUE or you could set the ACCESSDOMAIN option as shown in Figure 2-18.

FIGURE  2-18.     Activity that spans decks on different domains


Using ACCESSDOMAIN and ACCESSPATH options

If the PUBLIC option for a deck is set to FALSE (the default), the phone uses the deck's ACCESSDOMAIN and ACCESSPATH options to determine which other URLs can link to cards within the deck. The phone uses a prefix match to match a deck's ACCESSDOMAIN and ACCESSPATH options with the URLs of decks that attempt to link to it.

IMPORTANT     The phone conducts a very literal string match of a deck's URL with the ACCESSDOMAIN option of the deck it attempts to link to; it does not resolve names or aliases into canonical domain names. For example, if you load a deck with the URL http://red.uplanet.com/deck.hdml, the phone does not allow it to link to a deck with the ACCESSDOMAIN option set to 204.163.165.250 (even though 204.163.165.250 specifies the same domain as red.uplanet.com). You must load the deck using the URL http://204.163.165.250/deck.hdml for it to link to a deck with the ACCESSDOMAIN option set to 204.163.165.250.

Suppose a deck's URL is http://my.com/mydeck.hdml. The following table demonstrates the effects of different combinations of ACCESSDOMAIN and ACCESSPATH settings:

ACCESSDOMAIN  ACCESSPATH  Decks that can link to deck  Decks that can't link to deck 

none (default) 

none (default) 

Any deck hosted on the deck's domain, for example: 

http://my.com/d1.hdml  

http://www.my.com/d2.hdml  
http://my.com/dir/d3.hdml  

Any deck that is not hosted on the deck's domain, for example:  

http://foo.com/d1.hdml 

foo.com  

none (default) 

Any deck hosted on foo.com or any subdomain of foo.com, for example:  

http://foo.com/d1.hdml 

http://www.foo.com/d1.hdml  

Any deck not hosted on foo.com (or a subdomain of foo.com), for example:  

http://bar.com/d1.hdml 

www.foo.com  

none (default) 

Any deck hosted on www.foo.com or any subdomain of www.foo.com, for example:  

http://www.foo.com/d1.hdml 

http://d.www.foo.com/d1.hdml  

Any deck not hosted on www.foo.com (or a subdomain of www.foo.com), for example:  

http://bar.com/d1.hdml 

http://foo.com/d1.hdml  

none (default) 

/dir  

Any deck which has the same domain and a path beginning with dir, for example: 

http://my.com/dir/d1.hdml  

http://my.com/dir/d1/d1.hdml  

Any deck that is not hosted on the deck's domain, for example:  

http://foo.com/d1.hdml 


Summary of access control options

The following table lists the ways you can request a destination and the HDML options the destination deck must specify to allow you to access it.

Task/options used to request URL  Requirements for access 

TASK=PREV (no options) 

TASK=GOSUB DEST=url 

TASK=CANCEL (no options)  

TASK=RETURN (no options)  

None 

TASK=GO DEST=url  

The deck containing url must specify PUBLIC=TRUE, or its ACCESSDOMAIN and ACCESSPATH settings must allow the URL of the requesting deck.  

TASK=GOSUB DEST=url1 NEXT=url2 

TASK=GOSUB DEST=url1 CANCEL=url2  

The deck containing url1 does not need to set any special options. 

The deck provided by url2 must set PUBLIC=TRUE or its ACCESSDOMAIN and ACCESSPATH settings must allow the URL of the requesting deck. 

TASK=CANCEL DEST=url  

TASK=RETURN DEST=url  

The deck containing url must specify PUBLIC=TRUE, or its ACCESSDOMAIN and ACCESSPATH settings must allow the URL of the requesting deck. 

Note that the calling activity (that is the activity that called the activity that specifies the CANCEL or RETURN task) must also specify FRIEND=TRUE.  

TASK=CANCEL CLEAR=TRUE  

TASK=RETURN CLEAR=TRUE  

To allow its variables to be cleared, the calling activity must set FRIEND=TRUE.  

[Cover] [Previous Section] [Next Section] [Index]
Current chapter: Doing More with HDML
Section 20 out of 67 total sections , Section 7 out of 7 sections in this chapter

Copyright © 1999, Unwired Planet, Inc. All rights reserved.