Because that will be to an own challenge. One day successful entered its master station finally, writes my process in this, as well as to common web service security model understanding, some summaries regarding this

And so on, hoped that everybody can gain own understanding.

First, that introduces certainly this chinalinux stand some situations. http://www.chinalinux.com is one which uses itself to develop Chinese operation department which promotes by linux comes

Series, but the web service also uses own product ccs. This ccs installment, the use are convenient, also very easy to dispose the management, therefore many managers like using this product.

¡¡¡¡For must be able to enter such stand, that certainly must be familiar with ccs this web service system. According to this system's some primary service characteristic, as well as some jurisdiction disposition, after simple summary,

Has three points.

First, the ccs system provides the outside to be possible to visit a system part of directory file the service
Second, ccs provides the hypothesized table of contents disposition, each hypothesized table of contents may correspond certain jurisdiction
Third, the ccs system file type disposition, may dispose the different document type, provides directly moves two ways in the service end movement and the returns client side

¡¡¡¡Through the above understanding, I summarized a ccs security model, that was ccs is an external type the web system which had the jurisdiction to limit. How to understand this “external”? Because of everybody

The familiar operating system knew that the operating system itself has the jurisdiction control to some objects, but this ccs system's jurisdiction control depends upon operating system's these functions, but is depends upon own one

Examination. A most important spot, the operating system is attached to the object itself body to the object jurisdiction's assignment, what but ccs is records all object jurisdiction assignment above the ccs system.¡¡¡¡

¡¡¡¡This has any difference, operating system processing time each real object has a file, but each object possible some aliases, to visit these aliases like this time we do not need to care about it

Is the alias or the real name, so long as corresponds that only file to be able finally correct to obtain the jurisdiction assignment. Makes an image analogy, end of the month paid out the wages, the operating system establishes each person

An only file, inside these files the record has this person's wages, but this person possibly calls young Zhang also to call to open three, then round of wages time does not need to manage him to call young Zhang to open three, is finally looks

To his payroll also on correct provide his wages. But regarding the ccs system, because it does not have this kind of payroll, it is determines the wages according to the personal name, therefore it must test