On Wed, Aug 31, 2011 at 16:52, John de la Garza <[email protected]> wrote:
> I am trying to creating a login page. I want to wait on the app
> building the GUI until after they have logged in. In my first attempt
> I created a login form. I now realize the form is async and my app
> can't wait.
>
> I'm thinking the solution is to have the succes login event load the
> gui. I assume that I can't have a dialog box that blocks execution
> of code till the correct auth info is entered.
>
> any ideas on this?
>
> If there was a way to say open a dialog box and stop execution until
> I get the answer I would do that. I'm new to event driven
> programming.
>
Basic concept: Never assume that anything in your browser is private. If you
require that the user has logged in before even seeing the rest of the GUI,
then the rest of the GUI should not be loaded from the server until after
login. Therefore, your concept of having a dialog box that stops execution
until login is complete, is dangerous because the somewhat knowledgeable
user could easily bypass that and cause the already-loaded GUI to be
displayed.
If the GUI is private until being logged in, then the correct way to handle
it is to load the GUI after successful login. (See Marc's message.)
If the GUI is not really private, then your general concept is ok, but
you'll probably want to just not display the GUI until they've logged in.
You'd then use the event which contains login success information in which
to display your GUI.
Finally, every interaction with the server must validate the requester *at
the server*, because the somewhat knowledgeable user could easily snoop on
messages being sent, or even look at the code to see what belongs in a
message to the server, and create a message that causes some server action
that should have required the user to be logged in.
Cheers,
Derrell
------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better
price-free! And you'll get a free "Love Thy Logs" t-shirt when you
download Logger. Secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsisghtdev2dev
_______________________________________________
qooxdoo-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
