Hello, Thank You Pablo Tejada
Right now i realize how good was Your answer. I just created empty function, as You say... and it's done. To use inline push, user is requre to submit password, what is stored inside "/etc/ape/inlinepush.conf" and this password isn't know directly to user (stored in PHP file) until he can't "hack webserver" he won't be able to post anything without out permission. Im my opinion tha'ts everything what i need. I don't have to check IP, it can be additional security, but not required. Right now, i can start working with my application, without being worried about evil power-users who can use clientsideJS in wrong way. Regards Once again, thanks a lot for everyone how was trying to help me ;-) On Oct 18, 2:37 pm, Pablo Tejada <[email protected]> wrote: > I think if you had read a little it would be clear to you, or may im just > been optimistic cause i haven't tackle this myself > > Try this in your ip_check.js file: > > Ape.registerHookCmd("SEND", function(params, info) { > return 0; > > }); > > Note is not really checking for ip or anything, this is blocking all SEND > commands. My guess is that SEND is not triggered when using the inlinepush > so all attempts on sending a request from the client js framework should be > blocked. Is my theory and i haven't try it myself. > > http://www.ape-project.org/docs/server/commands/registerhookcmd.html -- You received this message because you are subscribed to the Google Groups "APE Project" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/ape-project?hl=en --- APE Project (Ajax Push Engine) Official website : http://www.ape-project.org/ Git Hub : http://github.com/APE-Project/
