Hi, I search quickly and didn't find it either. But if you check the file ../framework/Http.js, there's something about HTTP request and HTTP Auth. Maybe this could help, even if it's not the best option.
- Louis Le 2011-10-17 à 03:25, [email protected] a écrit : > Hello, > > Sorry i was no reply, because i had many work. > > I setup box, for my APE server, i have clear install. > On front APE i have box with proxe apache, and i have > 0-9.ape.myserver.com on 80 and i'm quite happy. > Attached examples are working. > > > So right now, i would like to block that send command for not php- > inline push users using webserver IP :> > > I read your Example! > Yes, that's what i'm looking for, it sound very good. > I have question. > > Where can i find this line ? > > I think i check all files inside: /var/ape/ > and i don't find that "send". > > Could You point it me ? > > Regards > > On Oct 12, 10:19 pm, Louis Charette <[email protected]> wrote: >> If you overwrite the "send" command server side (or the command send >> actually call) with registerHookCmd, you can check for the ip inside the >> user param. See: >> >> http://www.ape-project.org/docs/server/commands/registercmd.html >> >> Envoyé de mon iPhone >> >> Le 2011-10-12 à 15:08, "[email protected]" <[email protected]> a écrit : >> >>> Hello again, >> >>> Maybe, there is option (server side) to limit "send" / "write" access >>> just for certain IP-s ? >>> For example, 192.168.x.65 with stands for my webserver with PHP >>> instances. >> >>> Maybe this will be better option, to put somewhere in APE sourcecode >>> "(if $trusted_ip == $remote_addr) { accept message } ? >> >>> I'm just shooting, myself i write in PHP, i'm not feel strong in >>> javascript. >> >>> Maybe someone smarter than me find sollution for this. >>> regards >> >>> On 12 Paź, 19:55, Louis Charette <[email protected]> wrote: >>>> Overwrite the send command server side would be the best method I think >>>> of, but in the end it won't be 100% secure for sure. The "onRaw" is still >>>> visible in the JS and could be called elsewhere (I think). >> >>>> Envoyé de mon iPhone >> >>>> Le 2011-10-12 à 13:35, Pablo Tejada <[email protected]> a écrit : >> >>>>> JS is plain text and visible to anyone, you cant hide it or protect it. >>>>> What you can do is make it harder for others to understand or reuse your >>>>> code in malicious ways and that is what JS encapsulation does. That is >>>>> why you cant rely on client side code for security. >>>>> In this case, he is trying to block users(the smart ones i guess) from >>>>> sending messages to the server directly from the browser using the ape JS >>>>> framework built in "send" method. Encapsulation helps, but the real >>>>> question is how to stop this request in the server. >> >>>>> From the top of my head if command hooks run before the registered >>>>> command itselft(the command been hooked, if that makes sense) , he could >>>>> just register a hook for the "SEND" command which blocks this requests. >>>>> If not im out of ideas. >> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "APE Project" group.>>> To post to this group, send email to >>>>> [email protected] >>>>> To unsubscribe from this group, send email to>>> >>>>> [email protected] >>>>> For more options, visit this group at >>>>> http://groups.google.com/group/ape-project?hl=en >>>>> --- >>>>> APE Project (Ajax Push Engine) >>>>> Official website :http://www.ape-project.org/ >>>>> Git Hub :http://github.com/APE-Project/ >> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "APE Project" group.> To post to this group, send email to >>> [email protected] >>> To unsubscribe from this group, send email to> >>> [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/ape-project?hl=en >>> --- >>> APE Project (Ajax Push Engine) >>> Official website :http://www.ape-project.org/ >>> Git Hub :http://github.com/APE-Project/ > > -- > You received this message because you are subscribed to the Google > Groups "APE Project" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/ape-project?hl=en > --- > APE Project (Ajax Push Engine) > Official website : http://www.ape-project.org/ > Git Hub : http://github.com/APE-Project/ -- You received this message because you are subscribed to the Google Groups "APE Project" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/ape-project?hl=en --- APE Project (Ajax Push Engine) Official website : http://www.ape-project.org/ Git Hub : http://github.com/APE-Project/
