Something I got to thinking real hard about when scripting the serverTasks file I/O
widget - which is actually a kind of in-script client/server type interface - was the
security issue. How would you ensure that you aren't just making it easy for
evil-minded hackers to do unwanted things to your website file structure and files?
What seems to be the best way is to let the webmaster hardcode strict paths
into a text file so as to ensure that at least the user doesn't intentionally or
unintentionally modify the wrong files, or in the wrong way, in any directory in the
webserver structure. This method isn't waterproof either, but at least it restricts
the available file paths if the server-side script is made to
check the text file and ensure that the input file path is strictly true to one that is
specified in the text file. The text file should of course not include its own path or
it'd be useless.

Also I would advise to carefully consider whether the general server-side script should
actually include rename and file-listing functions, as these could easily be
misused. I've also been reconsidering actually including a delete function in my
serverTasks file I/O widget. This should probably be one thing amongst others which
should rather be left to the webmaster to do manually to ensure it's done right.

Henrik Våglin [ [EMAIL PROTECTED] ] 


----- Original Message ----- 
From: "Doug Melvin" <[EMAIL PROTECTED]>
To: "dynapi-help" <[EMAIL PROTECTED]>
Sent: Thursday, February 15, 2001 12:59 AM
Subject: [Dynapi-Help] Requirements of a server-side companion for DynAPI


Rough draft:
Add your comments and suggestions, 
then we'll make a second draft and do it again.

DataBase access:
    -SQL implementation (rip code from or modify MySQL?)
    -getField('fieldname')
        > get the value in field 'fieldname' for the selected record
    -setField('fieldname')
        > set the value in field 'fieldname' for the selected record
    -SQLExecute('sqlstring')
        > you would pass your "SELECT * FROM" or "DELETE ALL FOR"
          statements to the DB engine here..

File I/O (server-side):
    -directory navigation: 
        +list files
        +change working dir
    -file streaming: 
        +Open file stream
        +get X bytes from file stream
        +get ALL from file stream
        +write to file stream:    append/insert/overwrite
        +close file stream

    -file manipulation:
        +copy file
        +move file
        +rename file
        +delete file
        +maybe batch versions of the above 
                (ie myFileStreamObject.rename('f*s.js','f*r.js') )

Network Comm:

Not sure what you would want for network comm..
But I was thinking, you can make tcpip connections with an applet right?
So, on those platforms that don't support, say, LiveConnect for instance,
your applet can make a network connection to your server-side component,
which would then instruct your DynAPI to do something
(using a queue I would assume as you can't 'tell' jscript to do anything from the
server...)
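The path allow-list Henrik describes in his reply, applied to the server-side file I/O component Doug sketches above, as an added example (not code from either poster or from DynAPI): the webmaster keeps a text file of permitted paths, the server-side script canonicalises every client-supplied path before comparing it against that list, the list is not allowed to name itself, and only open/read/write are exposed; list, rename and delete are deliberately left out. Python is used here as a stand-in for whatever server-side language the companion would be written in; the web root, the allow-list file name and its contents are constructed for the example.

```python
from pathlib import Path

# Constructed example of the webmaster's allow-list text file: one permitted
# path per line, relative to the web root; '#' lines are comments.
ALLOWLIST_TEXT = """\
# files the file I/O widget may open (constructed example)
data/news.txt
data/guestbook.txt
"""

# Assumed location of the allow-list itself, relative to the web root.
ALLOWLIST_FILE = "conf/fileio-allow.txt"


def _inside(path, root):
    """True if `path` is `root` or lies below it (both already canonical)."""
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def load_allowlist(text, web_root, allowlist_file=ALLOWLIST_FILE):
    """Parse the allow-list into canonical absolute paths under web_root.

    Raises ValueError on an entry that escapes the web root or on an entry
    that names the allow-list file itself (which would let a client rewrite
    the list and grant itself any path)."""
    root = Path(web_root).resolve()
    allowed = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        canonical = (root / line).resolve()
        if not _inside(canonical, root):
            raise ValueError(f"allow-list entry escapes web root: {line!r}")
        allowed.add(canonical)
    if (root / allowlist_file).resolve() in allowed:
        raise ValueError("allow-list must not contain its own path")
    return root, frozenset(allowed)


def resolve_request(requested, root, allowed):
    """Map a client-supplied path to a canonical path, or None if it is not
    exactly one of the allow-listed files.

    The comparison is done after resolve(), so '..', '.', doubled slashes
    and symlinks are collapsed before the lookup; an absolute path joined to
    root replaces it, which is why the membership test (not string prefix
    matching) is what actually decides."""
    if "\x00" in requested:  # NUL would truncate the path in C-based runtimes
        return None
    canonical = (root / requested).resolve()
    if canonical in allowed and _inside(canonical, root):
        return canonical
    return None


def read_file(requested, root, allowed):
    """Open-and-read-all, the only read operation the gateway exposes."""
    target = resolve_request(requested, root, allowed)
    if target is None:
        raise PermissionError(f"path not allow-listed: {requested!r}")
    return target.read_bytes()


def write_file(requested, data, root, allowed, mode="overwrite"):
    """Overwrite or append; insert is left out as it cannot be done atomically."""
    target = resolve_request(requested, root, allowed)
    if target is None:
        raise PermissionError(f"path not allow-listed: {requested!r}")
    with open(target, "ab" if mode == "append" else "wb") as fh:
        fh.write(data)


def check_many(requests, root, allowed):
    """Convenience for auditing: which of these client paths would be accepted?"""
    return {r: resolve_request(r, root, allowed) is not None for r in requests}


if __name__ == "__main__":
    root, allowed = load_allowlist(ALLOWLIST_TEXT, "/srv/example-site")
    for path, ok in check_many(
        ["data/news.txt", "data/../data/news.txt", "../../etc/passwd",
         "/etc/passwd", "data/", "conf/fileio-allow.txt"], root, allowed
    ).items():
        print(f"{'allow' if ok else 'deny ':5} {path}")
```

Because the lookup is an exact match on the canonical path, a directory entry in the list does not grant access to the files under it; if the webmaster wants a whole directory opened up, each file still has to be listed, which is the strictness Henrik asks for.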







_______________________________________________
Dynapi-Help mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/dynapi-help
