I don't thik any kind of encapsulation can prevent this issue.
I've the same doubt. Where is JSF server side ape code has a password check
feature?
Or anyone installing a JSF on an host and configuring it to my server can
send data to my server channels?
i individuated the code responsible for password check of inline push
serverside:
Ape.registerCmd("inlinepush", false, function(params, infos) {
if (params.password == Ape.config("inlinepush.conf", "password")) {
But what is the equivalent part responsible to receive a JSF send?
It's in javascript (so easly editable for me) or it's hardcoded in C code?
2011/10/12 Pablo Tejada <[email protected]>
> You can encapsulate your JS code to void any hijackers from using dev tools
> like a browser's console to take control of the JS ape Object.
>
> --
> You received this message because you are subscribed to the Google
> Groups "APE Project" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/ape-project?hl=en
> ---
> APE Project (Ajax Push Engine)
> Official website : http://www.ape-project.org/
> Git Hub : http://github.com/APE-Project/
>
--
You received this message because you are subscribed to the Google
Groups "APE Project" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/ape-project?hl=en
---
APE Project (Ajax Push Engine)
Official website : http://www.ape-project.org/
Git Hub : http://github.com/APE-Project/
