The Persistence API - OpenSocial - Google Code
Popularity Report
 |
|||
|
|||
|
|||
|
|||
|
|||
|
Rank
URL Tag Cloud
Bookmark History
Saved by 1 people (0 private), first by anonymouse user on 2008-04-09
- Gbhatia on 2008-04-09 - Tags opensocial , persistence , api
Public Sticky notes
Which users a user can write Persistence data to is a policy decision that is made by each OpenSocial container. Currently, the "default" policy that most active containers have implemented is that an application can only write to VIEWER data, and only if the VIEWER has the application installed. This policy is fairly restrictive to prevent malicious users from writing data to arbitrary users, so it is expected to be the most commonly implemented Persistence data policy. This article was written under the assumption that data will only be writeable to VIEWERs with the application installed, and presents advice on how to structure applications around this limitation.
It is certainly possible that some containers may implement a more relaxed data policy that allows users to write data to other users' Persistence data. Additionally, some containers may choose to give their users the ability to set ACLs on their Persistence data. In this model, a user would be able to whitelist other user accounts to read from or write to their own Persistence data.
Highlighted by gbhatia
Character escaping
Since application data is visible to more than just the user who writes it, there is a danger that any given application data may contain content from a malicious user. For this reason, the OpenSocial specification stipulates that application data must be HTML escaped by the container before being returned to the application.
This will prevent situations where application data output without being filtered by the application first. Consider the following data string:
"<img style=\"width: 1; height: 1;\" src=\"adsfa\" onerror=\"alert('hello')\" />"
If the above string is put directly into the innerHTML
property of a page element, a popup box containing hello will be
displayed. While this sample is harmless, allowing JavaScript from other
users to execute without being filtered is a security risk. Therefore, if
that string is stored in application data, it will be returned as:
"<img style="width: 1; height: 1;" src="adsfa" onerror="alert('hello')" />"
which, if put into the innerHTML property of an element, will
simply print the <img> tag and the alert() code, instead of
executing the JavaScript directly.
If you need to undo this encoding operation for some reason, you may use
the gadgets.util.unescapeString function to return the escaped
string's original form. Be careful about displaying unescaped data, though,
for the reason explained above.
Highlighted by gbhatia
Quotas
Social applications may potentially be used by millions of users, and unchecked use of application data stores may put a large storage burden on containers. It is expected that most containers will therefore implement a data storage quota which applications may not exceed. This quota will usually be measured as being a certain number of bytes per application per user.
When writing application data that would exceed the size of the current quota, the write request will fail and the container will return an error message indicating that the limit was exceeded.
Highlighted by gbhatia
Viewer data is the cornerstone of the Persistence API. All data must be written through VIEWER, which means that users cannot change application data for anyone but themselves.
While you can read data written to VIEWER by getting OWNER or OWNER_FRIENDS data in different contexts, directly reading VIEWER data is really only useful for storing application preferences that need to travel with the user, instead of the profile on which the application is installed.
Highlighted by gbhatia
If I can't set OWNER data, who can?
Well, the VIEWER can when the VIEWER is the same person as the OWNER. To set OWNER data, an application simply writes to the VIEWER data store for a user who has the application installed. This data is available as OWNER data on that user's profile.
Who can see OWNER data?
As long as an application is installed on someone's profile, OWNER data will always be available, no matter who is looking at the profile.
Highlighted by gbhatia
What uses are there for OWNER data?
By setting and getting OWNER data, an application can let each of its users customize the way the application works on their profil
Highlighted by gbhatia
Public Comment