Thanks for your response. So this is a known issue or a bug or what, I thought it was a clear definition in the docs that non-iteractive channels are read only (except for trusted entitied). Am I mistaken? Are there plans to fix this?
Otherwise I would appreciate if someone with experience with APE, preferrably one of the authors/maintainers, could provide a reliable solution to how to stop clients posting messages to the channel. Because I don't really trust myself, (having almost no APE experience) hack something with some server side handler and then later find out that there were other ways users could post to the channel that i was not aware of or that my solution was not complete. Thanks! On Jul 29, 7:25 pm, Johnathan Leppert <[email protected]> wrote: > See nickname.js in the server side source. You can assign anything, it need > not be a name, but it should be a unique id for every client. > > For #2, it could be possible for you to implement a server side event > handler to listen for such events, and not send them, such that the only way > to send data is via inline push commands. > > > > On Thu, Jul 29, 2010 at 9:55 AM, pilnic <[email protected]> wrote: > > Hello, > > > I am trying to use ape to stream pieces of news (stock quotes, weather > > etc) to many clients (users are not logged in, just guests viewing a > > page). I want only the server to be able to add messages to the > > channel. I have the following problems: > > > 1. I am forced to assign a username in each client session (i.e. > > start() does not allow me not to pass in a name) but the users are not > > logged in and i have to make up random names which if they are not > > very short they are rejected and if the username has already been used > > the code stops. > > > 2. Even though clients join a non-interactive channel (named *....) > > they can send data to the channel with addEvent('multiPipeCreate' .... > > pipe.send('Message'); This is a major problem, the channel is supposed > > to be non-interactive, read-only but it clearly is not. This would > > allow hackers to mess with the information sent by the server to the > > other clients. > > > 3. If I only want my server to send info (I think this is called > > inline push) I guess i would need to assign passwords for users or > > some other kind of restriction/ACL such as IP etc so that only the > > server can send this info. I have not been able to find in the > > documentation how to implement such restrictions. > > > I would appreciate any pointers to documentation, tutorials or > > examples that deal with this situation. Or someone can confirm that > > these issues do not have easy workarounds and therefore ape is not > > well suited for this type of application. > > > Thanks! > > > -- > > You received this message because you are subscribed to the Google > > Groups "APE Project" group. > > To post to this group, send email to [email protected] > > To unsubscribe from this group, send email to > > [email protected]<ape-project%2bunsubscr...@googlegroups.com> > > For more options, visit this group at > >http://groups.google.com/group/ape-project?hl=en > > --- > > APE Project (Ajax Push Engine) > > Official website :http://www.ape-project.org/ > > Git Hub :http://github.com/APE-Project/- Hide quoted text - > > - Show quoted text - -- You received this message because you are subscribed to the Google Groups "APE Project" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/ape-project?hl=en --- APE Project (Ajax Push Engine) Official website : http://www.ape-project.org/ Git Hub : http://github.com/APE-Project/
