Does this conform to a certain pattern?
<p>Some time ago, I found a mechanism to protect </p>
<ul> <li>the control flow </li> <li>and all parameters</li> </ul>
<p>of web-application (controllers) against <strong>hijacking</strong>.</p>
<p>The technique provides this:</p>
<ul> <li>All <strong>parameters</strong> of a request are kept at the <strong>server side</strong></li> <li>No parameter ever reaches any URL</li> <li>The <strong>control flow</strong> of an application strictly gets <strong>controlled by server-side state</strong></li> </ul>
<p>The base principle is this:</p>
<ul> <li><p>Define a controller <strong>FlowController</strong></p></li> <li><p>If a web page needs to include a link to another controller with certain parameters, ask <strong>FlowController to prepare the link</strong></p></li> <li><p>FlowController does not provide the link directly, but <strong>maintains a server-side state</strong>, which keeps all link-related information [controller class to be called, arguments to get passed]</p></li> <li><p>Ultimately, FlowController returns not an actual link, but a <strong>random hash-value</strong>, which identifies the server side's state</p></li> <li><p>Once a <strong>hashed link</strong> comes back from the browser, it gets passed to FlowController, which looks up the related state and <strong>manages to instantiate the controller and pass arguments</strong></p></li> </ul>
<p><strong>Consequences:</strong> </p>
<ul> <li><p>No link can be predicted. </p></li> <li><p>Thus, no controller can be called without first getting authorization from FlowController.</p></li> <li><p>All <strong>parameters</strong> retrieved from FlowController-managed state and passed to controllers can <strong>safely be trusted</strong>.</p></li> </ul>
<p>Moreover:</p>
<ul> <li><p>FlowController manages link states using a stack</p></li> <li><p>FlowController provides set-back points: FlowController::TerminateFlow() forces the application to re-establish the last set-back point.</p></li> <li><p>If FlowController gets asked to start a non-top flow, it automatically deletes all flows above. Thus, if you return to an earlier state of the application, all follow-up states automatically get invalidated.</p></li> </ul>
<p><strong>Consequences:</strong> One can call certain workflows - sequences of controllers - in a pure subroutine fashion: Request a set-back point to get set. Run the first controller of the workflow. Eventually, some controller will call FlowController::TerminateFlow() and the control flow will return to the caller's environment.</p>
<p>Note that the first called controller - more generally, the whole workflow of several controllers - <strong>doesn't know which other part of the application requested its execution</strong>. The initiator of the workflow started it in a fire-and-forget fashion: The workflow will eventually come back to me. At a certain point, the workflow signals that it is done. Important: <strong>It does not request a certain continuation controller.</strong> Thus, the workflow is fully decoupled from any caller.</p>
<p>Since I've never seen such a mechanism in frameworks, I wonder if this is a new pattern. </p>
<p><strong>Question: Is this a new pattern? If not, what's the pattern it conforms to?</strong></p>
<p>PS: <a href="https://stackoverflow.com/questions/6783575/best-method-to-verify-multi-level-relational-dependencies">My other question</a> provides details on how I found the pattern.</p>
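A minimal sketch of the mechanism the question describes, added here as an illustration and not taken from the original post or from any framework. It assumes Python (the post names no language), one stack entry per prepared link, and hypothetical names `prepare_link`, `dispatch`, `terminate_flow` and the three sample controllers.

```python
import secrets


class FlowController:
    """One instance per user session; only opaque tokens ever reach the browser."""

    def __init__(self, controllers):
        self._controllers = controllers  # allow-list: name -> callable(flow, **args)
        self._stack = []                 # (token, name, args, is_set_back), oldest first

    def prepare_link(self, name, /, set_back=False, **args):
        """Keep the link target server-side; hand out an unguessable token."""
        if name not in self._controllers:
            raise KeyError(f"unknown controller: {name}")
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._stack.append((token, name, args, set_back))
        return token

    def dispatch(self, token):
        """Resolve a token coming back from the browser and run its controller."""
        sent = str(token).encode("utf-8", "replace")
        for i, (tok, name, args, _) in enumerate(self._stack):
            if secrets.compare_digest(tok.encode(), sent):
                del self._stack[i + 1:]  # starting a non-top flow deletes all flows above
                return self._controllers[name](self, **args)
        raise PermissionError("unknown or invalidated link")

    def terminate_flow(self):
        """Discard everything above the last set-back point and re-establish it."""
        while self._stack and not self._stack[-1][3]:
            self._stack.pop()
        if not self._stack:
            raise RuntimeError("no set-back point")
        _, name, args, _ = self._stack[-1]
        return self._controllers[name](self, **args)


# Constructed sample controllers: an account page that starts an edit workflow.
def account(flow, user_id):
    return {"view": "account", "user_id": user_id,
            "edit": flow.prepare_link("edit_email", user_id=user_id)}

def edit_email(flow, user_id):
    return {"view": "edit", "save": flow.prepare_link("save_email", user_id=user_id)}

def save_email(flow, user_id):
    return flow.terminate_flow()  # names no continuation; the set-back point decides

CONTROLLERS = {"account": account, "edit_email": edit_email, "save_email": save_email}
```

To exercise it, create `FlowController(CONTROLLERS)`, register the entry page with `prepare_link("account", set_back=True, user_id=7)`, and follow the returned tokens through `dispatch`; any token issued inside a finished or abandoned workflow raises `PermissionError`.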