If you overwrite the "send" command server side (or the command send actually call) with registerHookCmd, you can check for the ip inside the user param. See:
http://www.ape-project.org/docs/server/commands/registercmd.html Envoyé de mon iPhone Le 2011-10-12 à 15:08, "[email protected]" <[email protected]> a écrit : > Hello again, > > Maybe, there is option (server side) to limit "send" / "write" access > just for certain IP-s ? > For example, 192.168.x.65 with stands for my webserver with PHP > instances. > > Maybe this will be better option, to put somewhere in APE sourcecode > "(if $trusted_ip == $remote_addr) { accept message } ? > > I'm just shooting, myself i write in PHP, i'm not feel strong in > javascript. > > Maybe someone smarter than me find sollution for this. > regards > > On 12 Paź, 19:55, Louis Charette <[email protected]> wrote: >> Overwrite the send command server side would be the best method I think of, >> but in the end it won't be 100% secure for sure. The "onRaw" is still >> visible in the JS and could be called elsewhere (I think). >> >> Envoyé de mon iPhone >> >> Le 2011-10-12 à 13:35, Pablo Tejada <[email protected]> a écrit : >> >>> JS is plain text and visible to anyone, you cant hide it or protect it. >>> What you can do is make it harder for others to understand or reuse your >>> code in malicious ways and that is what JS encapsulation does. That is why >>> you cant rely on client side code for security. >>> In this case, he is trying to block users(the smart ones i guess) from >>> sending messages to the server directly from the browser using the ape JS >>> framework built in "send" method. Encapsulation helps, but the real >>> question is how to stop this request in the server. >> >>> From the top of my head if command hooks run before the registered command >>> itselft(the command been hooked, if that makes sense) , he could just >>> register a hook for the "SEND" command which blocks this requests. If not >>> im out of ideas. >> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "APE Project" group. >>> To post to this group, send email to [email protected] >>> To unsubscribe from this group, send email to >>> [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/ape-project?hl=en >>> --- >>> APE Project (Ajax Push Engine) >>> Official website :http://www.ape-project.org/ >>> Git Hub :http://github.com/APE-Project/ > > -- > You received this message because you are subscribed to the Google > Groups "APE Project" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/ape-project?hl=en > --- > APE Project (Ajax Push Engine) > Official website : http://www.ape-project.org/ > Git Hub : http://github.com/APE-Project/ -- You received this message because you are subscribed to the Google Groups "APE Project" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/ape-project?hl=en --- APE Project (Ajax Push Engine) Official website : http://www.ape-project.org/ Git Hub : http://github.com/APE-Project/
