细粒度授权方法和ASP页面的访问控制(含外文出处)
无需注册登录,支付后按照提示操作即可获取该资料.
细粒度授权方法和asp页面的访问控制(含外文出处)(中文4600字,英文3200字)
1. 绪论
由于开发交互式WEB应用程序的需要,动态网页(AWP)的应用正在增长。AWP最显著的特点就是它能根据用户输入的不同数据与用户进行交互。
虽然AWP被广泛的应用,但是访问控制(AC)的问题却没有被很好的解决。与HTML页面内容是永久性的,并且访问限制能够简单的执行不同,AWP中的信息来自不同的数据源,并且内容随着运行环境的变化而频繁的改变。对整个页面进行访问控制的方法很少,因为在WEB服务器处理和运行页面中的脚本之前,没有人知道页面中会出现什么,并且,一个WEB页面中的内容通常有不通的灵敏度,不同权限的用户可以访问页面不同的部分,因此,有必要提供对AWP的细粒度保护。
保护动态网页应用最广泛的方法是把访问控制嵌入到AWP中,这样做,可以使开发人员提供对AWP中的信息进行细粒度保护。但是,这也导致了许多显著的问题,它使人很难改变安全政策和控制机制,同样,也使人们难以开发或配置基于AWP的WEB应用程序。所以,当前的AWP访问控制机制必须变革。
A Method of Fine-grained Authorization and Access Control for asp Pages
1 Introduction
The usage of Active web pages (AWP) is rapidly increasing for the need of creating interactive web applications. The key character of AWP is that it can communicate with users with its content changes dynamically depending on the user input. Though AWP is widely used, the problem of access control (AC) has not been completely solved. Unlike html pages whose content is permanent and access restrictions can be easily enforced. Information contained in AWP comes from distributed data sources and changes frequently depending on the run time environment. Accessing control of the whole page means little because nobody know what will be presented in the page before web servers processing and executing scripts included in the page. Furthermore, information contained in a web page always has different sensitivity. Users with different rights can access different parts of a page. So, it is necessary to provide fine-grained protection for AWP. The method used most widely to protect active web pages is to embed AC function in AWP. By this way developers can provide fine-grained protection for information contained in AWP. But, this causes many significant problems. It makes it harder to change security policies and control mechanisms, and makes it difficult to develop or configure web applications base on AWP.