The SAMP protocol is defined in two parts, as an abstract API and as transport-specific Profiles. One or more Profiles may be offered by a SAMP hub to allow clients to communicate with it. At present, JSAMP offers two basic profiles, the Standard Profile, intended for normal desktop-based clients, and the Web Profile, intended for browser-based clients (some variants of these are also possible). These are described below.

By default, the hub is configured with both the Standard and Web Profiles available, but only the Standard Profile is switched on. If you want to use the Web Profile, either switch it on at hub startup using command-line flags to the hub command (or the equivalent programmatic settings), or switch it on while the hub is running. To switch on the Web Profile as well as the Standard Profile, you can do any of the following:

  • Run the jsamp hub command with the flag "-profiles std,web".
  • Run the hub, or whatever Java program is going to start a JSAMP hub (e.g. TOPCAT, Aladin), with the system property -Djsamp.hub.profiles=std,web.
  • Check the checkbox in the Profiles|Web Profile menu in the hub GUI window.
  • Check the checkbox in the Profiles|Web Profile menu provided by clicking on the hub system tray icon.
  • If you're writing code, you can use one of the methods in the Hub class that allow you to specify which profiles will be used.

The Profiles menu in the hub window looks something like this:

Screenshot of Profiles menu in the hub GUI window

and from the system tray icon something like this:

Screenshot of Profiles menu in the system tray window

Checking one of the checkboxes has the effect of turning the profile in question on, and unchecking it turns it off. When a profile is turned off, any clients registered using that profile are forcibly ejected from the hub.

Standard Profile

The Standard Profile is intended for use by normal desktop tools. Clients discover the location of the hub by looking in a file named .samp in the user's home directory. The fact that this file is normally only readable by the user running the hub means that connections cannot be made by other users.

Web Profile

The Web Profile is intended for use by web applications, that is, programs or web pages running inside a web browser. Web applications can find the hub at a well-known port. When a web application wants to register, the hub will ask the user, by popping up a dialogue window, whether the application should be allowed to run. The dialogue window will look something like this:

Web Profile popup dialogue screenshot

There are a number of configuration options available for the Web Profile hub, connected with security. They may be set on the hub command line, with the various -web:* options, or using the Profiles|Web Profile Configuration menu. The options are as follows:

CORS cross-domain access:
Whether to allow access using the Cross-Origin Resource Sharing standard. This is believed to be the safest mode of browser/hub communication, so it should usually be switched on.
Flash cross-domain access:
Whether to allow access using the Adobe Flash-based crossdomain.xml mechanism. This may be less secure than CORS, but is required for some browser/web application combinations. If you use a browser that supports CORS (thought to be: Chrome v2.0+, Firefox v3.5+, Safari v4.0+, IE v8+), and only use JavaScript-based web SAMP applications, you may be able to leave this switched off and thereby improve security.
Silverlight cross-domain access:
Whether to allow access using the Microsoft Silverlight-based clientaccesspolicy.xml mechanism. Silverlight is believed to support the Flash mechanism, so you can and should probably leave this switched off.
URL Controls:
Whether web clients are prevented from accessing sensitive resources, such as local files, that have not previously been mentioned in earlier SAMP messages. This option is experimental, but it is probably a good idea to leave it on for security reasons.

Note that the configuration options may only be changed when the Web Profile itself is not running.

You may be able to find an experimental Web Profile client here.

Web Profile Security

The JSAMP 1.3 Working Draft discusses security in relation to the Web profile to some extent, but notes that there are outstanding security concerns, and that experimentation will continue in hub implementations around this issue.

The security measures taken by the JSAMP implementation of the Web Profile are:

  • In the default configuration, the Web Profile is switched off. Users can switch it on during hub operation using the Profiles menu from the hub GUI (if present). It can also be switched on from the command line or programmatically at hub startup. The fact that it's off by default means that web clients will not be able to register unless the user has explicitly opted in, so only users who have some idea of what the Web Profile is will be exposed to it at this stage. This policy may be changed (Web Profile on by default) in future releases depending on how thinking on security progresses.
  • If the Web Profile is switched off during operation using the Profiles|Web Profile menu item in the hub GUI, any clients registered through the Web Profile will be disconnected immediately. A user can therefore eject Web Profile clients if there are suspicions about their behaviour. Single clients can be ejected as well using the Clients|Disconnect Selected Client menu item.
  • The HTTP server on which the Web Profile runs rejects any access attempts from hosts other than the local host, as recommended by the SAMP 1.3 document.
  • The Web Profile URL translation service (Section 5.2.6 of SAMP 1.3) is, by default, selective about which URLs it will proxy. URLs are identified as local or non-local; local ones are those using the file: protocol, or those using the http: protocol which point to the local host. Non-local URLs are proxied without restriction. Translation of a local URL is only performed if that URL has previously been mentioned (as the value of a Message or Response argument) by a non-Web Profile client; translation requests which do not meet this criterion are met with a 403 Forbidden response. This means, for instance, that a Web Profile client cannot simply request the content of file:///etc/passwd. This policy does not constitute bulletproof protection of local resources against malicious Web Profile clients, but it does guard against some straightforward attacks. This policy is on by default, but can be switched off and on using the Profiles|Web Profile Configuration|URL Controls menu item from the hub GUI, or with the -web:[no]urlcontrol hub command-line switch.
  • The details of which cross-domain workarounds are used can be controlled from the Profiles|Web Profile Configuration menu or from the hub command line. The different workarounds can be switched on and off independently, though only while the Web Profile is not running. By default CORS and Flash are switched on, and Silverlight is switched off.
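The following is an added example, not JSAMP's own code, modelling the two access checks described above: the local-host-only rule for the Web Profile HTTP server, and the URL-control policy of the URL translation service (local URLs are only translated if a non-Web Profile client mentioned them earlier; otherwise 403). The function and class names, the sample SAMP message, and the treatment of https: local URLs like http: ones are assumptions made here, and "local host" is simplified to loopback addresses and the name localhost.

```python
# Illustrative model of the JSAMP Web Profile access checks (added example,
# not JSAMP's implementation; names below are invented for this demo).
import ipaddress
from urllib.parse import urlparse

LOCAL_HOSTNAMES = {"localhost"}


def _is_loopback(host: str) -> bool:
    """True for 'localhost' or a loopback IP literal. Assumption: the real hub
    may also recognise the machine's own hostname; that is omitted here."""
    host = host.lower().strip("[]")
    if host in LOCAL_HOSTNAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def accept_connection(remote_addr: str) -> bool:
    """Check 1: the Web Profile HTTP server only serves the local host."""
    return _is_loopback(remote_addr)


def is_local_url(url: str) -> bool:
    """Check 2a: a URL is 'local' if it uses file:, or http: (https: added as an
    assumption) and points at the local host. Anything else is non-local."""
    p = urlparse(url)
    if p.scheme == "file":
        return True
    if p.scheme in ("http", "https"):
        return _is_loopback(p.hostname or "")
    return False


def _strings_in(value):
    """Yield every string nested inside a SAMP map/list argument structure."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings_in(v)
    elif isinstance(value, (list, tuple)):
        for v in value:
            yield from _strings_in(v)


class UrlControlPolicy:
    """Check 2b: records local URLs mentioned by non-Web Profile clients and
    gates translation requests on that record (the -web:[no]urlcontrol switch)."""

    def __init__(self, url_control: bool = True):
        self.url_control = url_control
        self.mentioned = set()

    def observe(self, from_web_client: bool, args) -> None:
        """Call for every Message/Response argument passing through the hub.
        Only non-Web Profile clients can put a local URL on the allowed list,
        so a web client cannot authorise a local resource for itself."""
        if from_web_client:
            return
        for s in _strings_in(args):
            if is_local_url(s):
                self.mentioned.add(s)

    def translate(self, url: str) -> int:
        """HTTP status the translation service would return for `url`."""
        if not is_local_url(url):
            return 200          # non-local: proxied without restriction
        if self.url_control and url not in self.mentioned:
            return 403          # local and never mentioned by a trusted client
        return 200


if __name__ == "__main__":
    policy = UrlControlPolicy()
    # Constructed sample traffic: a Standard Profile (desktop) client sends a
    # table.load.votable message whose url parameter names a local file.
    policy.observe(False, {"samp.mtype": "table.load.votable",
                           "samp.params": {"url": "file:///tmp/catalogue.vot"}})
    for url in ("file:///tmp/catalogue.vot", "file:///etc/passwd",
                "http://127.0.0.1:8080/data.fits", "http://example.org/data.fits"):
        print(url, "->", policy.translate(url))
    print("remote 192.0.2.10 accepted?", accept_connection("192.0.2.10"))
```

Running the demo shows the mentioned catalogue file and the non-local URL translated (200), the unmentioned local file and local http: URL refused (403), and a non-loopback source rejected outright. Constructing the policy with url_control=False reproduces the -web:nourlcontrol behaviour, in which every local URL is translated.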