Hello, Sorry i was no reply, because i had many work.
I setup box, for my APE server, i have clear install. On front APE i have box with proxe apache, and i have 0-9.ape.myserver.com on 80 and i'm quite happy. Attached examples are working. So right now, i would like to block that send command for not php- inline push users using webserver IP :> I read your Example! Yes, that's what i'm looking for, it sound very good. I have question. Where can i find this line ? I think i check all files inside: /var/ape/ and i don't find that "send". Could You point it me ? Regards On Oct 12, 10:19 pm, Louis Charette <[email protected]> wrote: > If you overwrite the "send" command server side (or the command send actually > call) with registerHookCmd, you can check for the ip inside the user param. > See: > > http://www.ape-project.org/docs/server/commands/registercmd.html > > Envoyé de mon iPhone > > Le 2011-10-12 à 15:08, "[email protected]" <[email protected]> a écrit : > > > Hello again, > > > Maybe, there is option (server side) to limit "send" / "write" access > > just for certain IP-s ? > > For example, 192.168.x.65 with stands for my webserver with PHP > > instances. > > > Maybe this will be better option, to put somewhere in APE sourcecode > > "(if $trusted_ip == $remote_addr) { accept message } ? > > > I'm just shooting, myself i write in PHP, i'm not feel strong in > > javascript. > > > Maybe someone smarter than me find sollution for this. > > regards > > > On 12 Paź, 19:55, Louis Charette <[email protected]> wrote: > >> Overwrite the send command server side would be the best method I think > >> of, but in the end it won't be 100% secure for sure. The "onRaw" is still > >> visible in the JS and could be called elsewhere (I think). > > >> Envoyé de mon iPhone > > >> Le 2011-10-12 à 13:35, Pablo Tejada <[email protected]> a écrit : > > >>> JS is plain text and visible to anyone, you cant hide it or protect it. > >>> What you can do is make it harder for others to understand or reuse your > >>> code in malicious ways and that is what JS encapsulation does. That is > >>> why you cant rely on client side code for security. > >>> In this case, he is trying to block users(the smart ones i guess) from > >>> sending messages to the server directly from the browser using the ape JS > >>> framework built in "send" method. Encapsulation helps, but the real > >>> question is how to stop this request in the server. > > >>> From the top of my head if command hooks run before the registered > >>> command itselft(the command been hooked, if that makes sense) , he could > >>> just register a hook for the "SEND" command which blocks this requests. > >>> If not im out of ideas. > > >>> -- > >>> You received this message because you are subscribed to the Google > >>> Groups "APE Project" group.>>> To post to this group, send email to > >>> [email protected] > >>> To unsubscribe from this group, send email to>>> > >>> [email protected] > >>> For more options, visit this group at > >>>http://groups.google.com/group/ape-project?hl=en > >>> --- > >>> APE Project (Ajax Push Engine) > >>> Official website :http://www.ape-project.org/ > >>> Git Hub :http://github.com/APE-Project/ > > > -- > > You received this message because you are subscribed to the Google > > Groups "APE Project" group.> To post to this group, send email to > > [email protected] > > To unsubscribe from this group, send email to> > > [email protected] > > For more options, visit this group at > >http://groups.google.com/group/ape-project?hl=en > > --- > > APE Project (Ajax Push Engine) > > Official website :http://www.ape-project.org/ > > Git Hub :http://github.com/APE-Project/ -- You received this message because you are subscribed to the Google Groups "APE Project" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/ape-project?hl=en --- APE Project (Ajax Push Engine) Official website : http://www.ape-project.org/ Git Hub : http://github.com/APE-Project/
