Is using EVAL / feval method risky?
The eval() method in JavaScript is strongly discouraged as a risky function. However, object declarations use it heavily. Is it risky?
Client object programming is part of the globally described system orchestration. See the chapter about orchestration for more details.
Even the developer portal says that "Executing JavaScript from a string is an enormous security risk."
Why do we use it?
AyMINE doesn't use eval(); it uses feval = universal Function
There is a significant difference between eval and the universal Function. This is also described in the developer portal, but the major difference in the safety aspect is not obvious:
- The eval() method is processed as a global function with the possibility to work with everything around it – with pages, calling methods etc. In a nutshell, it can do anything.
- The Function() method can only process a method in the scope that is allowed by the function call. It can never touch data or functions that are not explicitly allowed.
What is feval?
feval is the concept for processing object client methods defined by the object declaration files. It manages orchestration as well as dynamic calculation of views.
Thanks to the feval concept, AyMINE is extensible without the need to recompile the client application or mobile application for each change. It is also flexible enough to provide different behaviour for various clients.
Safety measures
AyMINE has adopted other strong control mechanisms to make the function 100% controlled:
- Scripts evaluated in the feval method are never uploaded to the system and are never editable directly within the application. In a nutshell, there is no way to send untrusted code for evaluation.
- Scripts are never shared among clients or users. They are part of the code and under the developer's control. Users cannot affect them. Simply, no one can affect code evaluated anywhere other than on their own computer.
- Scripts have a strictly controlled environment. They have access only to the feval API, which 100% isolates the scripts from the application. They do interact with the application and even with the user (there are methods for dialogs), but everything is managed through the defined API.
- Scripts never manage server rights. Simply, they don't manage anything on the server because they are evaluated on the client's local computer. Even if a user changed a script on their own local station, it would never affect the control of access rights managed by the back-end.
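The scope difference between eval() and Function(), and the parameter-only API from the safety measures, as an added example (not AyMINE's code): direct eval reads the caller's local variables, while Function-compiled code sees only its parameters and the global scope. fevalSketch, the sample objects and the method names t() and now() are assumptions; the parameter names obj, lang, attr, g and user are the API objects this page lists.

```javascript
// Added example; fevalSketch and the sample objects are hypothetical, not AyMINE code.
function viaEval(src) {
  const secret = 'local-to-caller'; // direct eval can read this
  return eval(src);
}

function viaFunction(src) {
  const secret = 'local-to-caller'; // Function-compiled code cannot read this
  return new Function('"use strict"; return (' + src + ');')();
}

function scopeReport() {
  return {
    evalSeesLocal: viaEval('typeof secret'),
    functionSeesLocal: viaFunction('typeof secret'),
    // Globals stay reachable, so the script text itself has to be trusted code.
    functionSeesGlobal: viaFunction('typeof globalThis'),
  };
}

// The script body receives only the API objects named on the page, as parameters.
const API_NAMES = ['obj', 'lang', 'attr', 'g', 'user'];
function fevalSketch(body, api) {
  const fn = new Function(...API_NAMES, '"use strict";\n' + body);
  // Shallow frozen copies: a script cannot reassign fields of the objects it is handed.
  const args = API_NAMES.map((name) => Object.freeze({ ...api[name] }));
  return fn.apply(undefined, args); // strict mode + undefined receiver: no implicit `this`
}

// Constructed sample data; the method names t() and now() are assumptions.
const sampleApi = {
  obj: { name: 'Invoice 17', total: 120 },
  lang: { t: (key) => ({ total: 'Total' })[key] ?? key },
  attr: { currency: 'EUR' },
  g: { now: () => new Date(0) },
  user: { userId: 42, clientId: 7 },
};

function demo() {
  const label = fevalSketch(
    'return lang.t("total") + ": " + obj.total + " " + attr.currency;', sampleApi);
  let writeBlocked = false;
  try { fevalSketch('obj.total = 0;', sampleApi); }
  catch (e) { writeBlocked = e instanceof TypeError; }
  return { label, writeBlocked, scope: scopeReport() };
}

console.log(demo());
```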
API for client objects
The API for client objects and scripts has data parts and functional objects.
Data objects
A data object principally allows access to some data but also contains functions for manipulating the data.
Principal data object
Scripts are always linked with a single object, and the object is available under the name obj.
The object also contains several methods to get
- counter fields
- icons
- object description
Functionality supported by the data object is described here.
Translation strings
The evaluation method can access translations related to the object. It can translate a string to the language that the user has selected – it may not change the language or choose what language to use for translation. Translations are used for the UI automation and therefore there is no reason for language control.
Translations are accessible through the object lang.
Attributes
Views and methods have input attributes. They are available as the object attr.
Functional API
Functional API is available through 3 objects
Global eval methods
The API is encapsulated in the object g = globalEval, with access to the methods that are not linked with used objects.
- Date and time manipulation
- System settings
User object
The API under the object user encapsulates user-specific information and functions
- User ID
- Client ID
- User settings