Table of Contents

OIL2 Class Standard.RegisterReplicaHTTPclass

class Standard . RegisterReplicaHTTPclass {
inherits from Object;


The class RegisterReplicaHTTPclass creates a mapping between a an external name used by a ReplicaHTTPsession object and the actual name of the class used to implement a state variable. As soon as their work is complete, objects of this class automatically delete themselves.

Security Note

This class exists primarily for security reasons, although it does provide a convenient layer of indirection between names embedded in HTML pages and the name of an implementation class. Such indirection makes it easy to change the implementation of a service without requiring modification of any existing HTML source. For reasons of secure operation, information embedded in an HTTP request (for example, the requested URI or form data) should never be directly used to indicate the name of an implementation class. If this was the case, a hostile party could send carefully constructed queries to the system and cause arbitrary code to be run. This unfortunate problem is defeated by the use of a mapping table local to the HTTP server which maps a predefined externally visible name to a particular implementation class. If a hostile party attempts to utilize a different name of their own choosing, no code will be run since there is no such entry corresponding to the hacker's selection.



RegisterReplicaHTTPclass:create(string aliasName, any implementationClass)

Method Description

The aliasName argument is a string that specifies the externally visible name; the actual name of the implementation class is specified as by the implementationClass argument.