Difference between revisions of "AJAX - Security engine"

From All n One's bxp software Wixi


Latest revision as of 11:02, 29 August 2016

Overview

Security is very important to bxp and BEAPI calls should be no less secure. For this reason there are a number of security concepts to be considered.


The AJAX engine makes calls to the BEAPI, hereafter referred to as "the Call". When the Call is made, it requires a username and password. That user must have access to the form. When using the AJAX engine there are two possible options.

  1. Use a set username and password
  2. Use a dynamic username and password


The set username and password is more secure, but it must have specified whitelisted IP addresses that it can be used from. The user must be granted access to the form containing the data. This also allows the user to have all functional access removed while still keeping content access. This is the more secure, preferred option.

  • aryAjax_Settings[0] = "client_demo";
  • aryAjax_Settings[1] = "demo";
  • aryAjax_Settings[2] = "password";


A set user location can be difficult to manage if users move location often or no static IP address is available. For that case there is a dynamic security setting: the current user must have access to the form, and the engine uses the current user's login to access the form.

  • aryAjax_Settings[22] = document.getElementById('intSystemGenerated_CompanyId').value;
  • aryAjax_Settings[23] = document.getElementById('intSystemGenerated_UserId').value;
  • aryAjax_Settings[24] = document.getElementById('intSystemGenerated_LoginKey').value;


The Call is made using a secure HTTP POST with form variables, not querystring parameters. This provides maximum security for the data being sent.
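
The two credential options and the POST-only rule above, shown as an added example that is not bxp's own code: it assembles the Call as an HTTPS form POST and refuses blank settings, a non-HTTPS endpoint, or an endpoint carrying a querystring. The `ENDPOINT` URL, the `setting_N` field names and the `buildCall` helper are hypothetical; only the array indices and the -3 code come from this page.

```javascript
// Added illustration, not bxp's engine. ENDPOINT and the "setting_N" field
// names are hypothetical placeholders; only the array indices come from the page.
const ENDPOINT = "https://bxp.example.invalid/beapi"; // placeholder URL

// Indices the page lists for each credential option.
const REQUIRED = { set: [0, 1, 2], dynamic: [22, 23, 24] };

const isBlank = (v) => v === undefined || v === null || String(v).trim() === "";

// Build the Call as an HTTPS POST with the credentials in the form body.
// Returns { error: -3 } when a required setting is blank (page's error list).
function buildCall(settings, mode, endpoint = ENDPOINT) {
  const indices = REQUIRED[mode];
  if (!indices) throw new Error("unknown credential mode: " + mode);

  const url = new URL(endpoint);
  if (url.protocol !== "https:") throw new Error("the Call must use HTTPS");
  if (url.search !== "") throw new Error("no querystring parameters allowed");

  if (indices.some((i) => isBlank(settings[i]))) return { error: -3 };

  // URLSearchParams percent-encodes "&" and "=" inside values, so a
  // credential cannot break out of its own form field.
  const form = new URLSearchParams();
  for (const i of indices) form.append("setting_" + i, String(settings[i]));

  return {
    error: 0,
    method: "POST",
    url: url.href,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: form.toString(),
  };
}

// Constructed sample input: the set-user values shown on this page.
const sample = [];
sample[0] = "client_demo";
sample[1] = "demo";
sample[2] = "password";
const call = buildCall(sample, "set");
console.log(call.method, call.url); // the URL carries no credentials
console.log(call.body.replace(/setting_2=[^&]*/, "setting_2=***"));
```
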


The error code will return 0 for success and the following codes for errors.


  • -1 = No settings initialised. Please set the settings on your page.
  • -2 = Settings not initialised. Please set the settings on your page.
  • -3 = Settings cannot be blank. Please check the settings on your page.
  • -4 = Server response not formatted correctly. Please refresh the page and try again. Error Code [ " + aryAjax_Settings[3] + " - " + aryAjax_Settings[5] + " ]
  • -5 = No data fields specified. Please set the settings on your page.
  • -6 = No display fields specified. Please set the settings on your page.
  • -7 = AJAX transport failure. Please refresh the page and try again.
  • -8 = AJAX initialisation failure. Please refresh the page and try again.