Hello again,
Maybe, there is option (server side) to limit "send" / "write" access
just for certain IP-s ?
For example, 192.168.x.65 with stands for my webserver with PHP
instances.
Maybe this will be better option, to put somewhere in APE sourcecode
"(if $trusted_ip == $remote_addr) { accept message } ?
I'm just shooting, myself i write in PHP, i'm not feel strong in
javascript.
Maybe someone smarter than me find sollution for this.
regards
On 12 Paź, 19:55, Louis Charette <[email protected]> wrote:
> Overwrite the send command server side would be the best method I think of,
> but in the end it won't be 100% secure for sure. The "onRaw" is still visible
> in the JS and could be called elsewhere (I think).
>
> Envoyé de mon iPhone
>
> Le 2011-10-12 à 13:35, Pablo Tejada <[email protected]> a écrit :
>
> > JS is plain text and visible to anyone, you cant hide it or protect it.
> > What you can do is make it harder for others to understand or reuse your
> > code in malicious ways and that is what JS encapsulation does. That is why
> > you cant rely on client side code for security.
> > In this case, he is trying to block users(the smart ones i guess) from
> > sending messages to the server directly from the browser using the ape JS
> > framework built in "send" method. Encapsulation helps, but the real
> > question is how to stop this request in the server.
>
> > From the top of my head if command hooks run before the registered command
> > itselft(the command been hooked, if that makes sense) , he could just
> > register a hook for the "SEND" command which blocks this requests. If not
> > im out of ideas.
>
> > --
> > You received this message because you are subscribed to the Google
> > Groups "APE Project" group.
> > To post to this group, send email to [email protected]
> > To unsubscribe from this group, send email to
> > [email protected]
> > For more options, visit this group at
> >http://groups.google.com/group/ape-project?hl=en
> > ---
> > APE Project (Ajax Push Engine)
> > Official website :http://www.ape-project.org/
> > Git Hub :http://github.com/APE-Project/
--
You received this message because you are subscribed to the Google
Groups "APE Project" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/ape-project?hl=en
---
APE Project (Ajax Push Engine)
Official website : http://www.ape-project.org/
Git Hub : http://github.com/APE-Project/
