Hello,
I am trying to use ape to stream pieces of news (stock quotes, weather
etc) to many clients (users are not logged in, just guests viewing a
page). I want only the server to be able to add messages to the
channel. I have the following problems:
1. I am forced to assign a username in each client session (i.e.
start() does not allow me not to pass in a name) but the users are not
logged in and i have to make up random names which if they are not
very short they are rejected and if the username has already been used
the code stops.
2. Even though clients join a non-interactive channel (named *....)
they can send data to the channel with addEvent('multiPipeCreate' ....
pipe.send('Message'); This is a major problem, the channel is supposed
to be non-interactive, read-only but it clearly is not. This would
allow hackers to mess with the information sent by the server to the
other clients.
3. If I only want my server to send info (I think this is called
inline push) I guess i would need to assign passwords for users or
some other kind of restriction/ACL such as IP etc so that only the
server can send this info. I have not been able to find in the
documentation how to implement such restrictions.
I would appreciate any pointers to documentation, tutorials or
examples that deal with this situation. Or someone can confirm that
these issues do not have easy workarounds and therefore ape is not
well suited for this type of application.
Thanks!
--
You received this message because you are subscribed to the Google
Groups "APE Project" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/ape-project?hl=en
---
APE Project (Ajax Push Engine)
Official website : http://www.ape-project.org/
Git Hub : http://github.com/APE-Project/
