Trace:
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
jvx:server:lco:session_isolation [2020/06/15 10:58] cduncan Edited for English grammar (capitalization, punctuation, correct verb conjugation) |
jvx:server:lco:session_isolation [2020/06/26 12:49] (current) cduncan Edited for English grammar (capitalization, punctuation, correct verb conjugation) |
||
|---|---|---|---|
| Line 2: | Line 2: | ||
| ~~Title: Session Isolation~~ | ~~Title: Session Isolation~~ | ||
| - | Usually it's good enough if your client creates one single connection to the server. This connection could be created via application login. A login dialog is the right place for creating a connection. But sometimes you need a connection to the server independent of the authenticated user, maybe to retrieve properties or GUI settings. | + | It is usually good enough if your client creates one single connection to the server. This connection could be created via application login. A login dialog is the right place for creating a connection. But sometimes you need a connection to the server independent of the authenticated user, maybe to retrieve properties or GUI settings. |
| There are different solutions for this problem. The preferred one would be an anonymous connection. Such connections are supported from DBSecurityManager out of the box, but you need a database with a user table. If you don't have a database, it won't work. | There are different solutions for this problem. The preferred one would be an anonymous connection. Such connections are supported from DBSecurityManager out of the box, but you need a database with a user table. If you don't have a database, it won't work. | ||
| Line 83: | Line 83: | ||
| **<fs 20px>Information</fs>** | **<fs 20px>Information</fs>** | ||
| - | The session isolation feature should be used with care because it's possible to get access to the server without "real" authentication. But it's not risky because it's not possible to call methods which are not available in your isolated life cycle object. There is only one rule for you: never offer internal data. Use the isolation feature to send public data to the client, e.g., product names, version numbers, translation data, and so forth. | + | The session isolation feature should be used with care because it's possible to get access to the server without "real" authentication. However, it's not risky because it's not possible to call methods that are not available in your isolated life cycle object. There is only one rule for you: never offer internal data. Use the isolation feature to send public data to the client, e.g., product names, version numbers, translation data, and so forth. |