5.1 Introduction CYFS for Developers: O Link #22
Description
cyfs://
Now, we know some basic concepts in the CYFS protocol, how to exchange information between the client and server, and some internal implementation principles. But there is still a little difference from http://, that is how to use cyfs:// in browsers and html pages.
In CYFS, all information is an object, and cyfs:// provides a variety of ways to manipulate objects:
- O link: by
ObjectId. - R link: path by
RootState. - A link: access the specified version of
DECApp.
O Link
It's like below:
cyfs://o/$target_zone/$obj_id[?mode=json&mime=txt]
cyfs://o/$target_zone/$dir_id/$inner_path[?mode=json&mime=txt]
This protocol is the simplest and most used cyfs protocol. Since the obj_id is included in the request, the result must be credible. Since it is used the most, default parameters are used in most times to construct requests, and the FastResp mechanism of BDT is used as much as possible.
- $target_zone: As the domain for http, It represents the zone who will receive and responce the request.
- $obj_id: The object which we want to get.
- $dir_id: The
ObjectIdof the directory which we want to read. - $inner_path: The relative path which the file in the directory specified by the $dir_id.
If the mode is not specified, there are different default Response Body for different types of objid. The Body of FileObject is the most special, which is a continuous binary file.
Accelerate for O Link
Batch: When requesting objB, objC..., if you know that the request is initiated after requesting objA to the same zone (Learning the source grouping of HTTP requests), unless the relevant URL has special configuration, you can ignore objB, objC O Link target_zone, but uniformly initiate batch obj requests to target_zone_A.
Client load balancing: There are CacheNodes configuration in the target_zone, the client will request CacheA, CacheB, OOD in order of distance from itself to try to get the Object.
Domain for O Link
For browsers, the second segment of the URL is the domain, so all O Links are in the same domain.It means there are no cross domain issues and defense. It's a static content, and the defense is not needed.
Permissions for O Link
- If someone leak the ObjectId, the Object will be at risk of being accessed, So we should not tell the
ObjectIdto others if it's confidential. - In default, A object can be accessed by the owner and his friends, The others must access it from the shared friends.
- The owner can set the ACL to open permissions for others.
Simplify O Link with name
cyfs://eips/index.html
We can register a name for Object to simplify the access link to Object, and we can publish a static website like above.
Cross domain security
- There is no cross-domain problem with static resources.
- Cross-domain is the earliest execution sandbox, and some domains allow access to code running in other domains.
- Script code S in domain A requests resources from domain B, which may cause problems.
- Potential attack on B's server.
- Easy to make mock up stations.
- Get cookies.