Overwrite the send command server side would be the best method I think of, but in the end it won't be 100% secure for sure. The "onRaw" is still visible in the JS and could be called elsewhere (I think).
Envoyé de mon iPhone Le 2011-10-12 à 13:35, Pablo Tejada <[email protected]> a écrit : > JS is plain text and visible to anyone, you cant hide it or protect it. What > you can do is make it harder for others to understand or reuse your code in > malicious ways and that is what JS encapsulation does. That is why you cant > rely on client side code for security. > In this case, he is trying to block users(the smart ones i guess) from > sending messages to the server directly from the browser using the ape JS > framework built in "send" method. Encapsulation helps, but the real question > is how to stop this request in the server. > > From the top of my head if command hooks run before the registered command > itselft(the command been hooked, if that makes sense) , he could just > register a hook for the "SEND" command which blocks this requests. If not im > out of ideas. > > -- > You received this message because you are subscribed to the Google > Groups "APE Project" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/ape-project?hl=en > --- > APE Project (Ajax Push Engine) > Official website : http://www.ape-project.org/ > Git Hub : http://github.com/APE-Project/ -- You received this message because you are subscribed to the Google Groups "APE Project" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/ape-project?hl=en --- APE Project (Ajax Push Engine) Official website : http://www.ape-project.org/ Git Hub : http://github.com/APE-Project/
