On Fri, Nov 6, 2009 at 8:53 AM, Golabek <[email protected]> wrote:
> Hi, I want to know how to get value of textboxes in godget to robot. > Gadget have 2 bextboxes, login and password, I want to get this value > to robot who log to server > Gadgets can pass state to robots one of two ways: 1. Through the wave. 2. Through a direct HTTP request against the robot. Persisting usernames and passwords to the wave is a really bad idea, obviously, since anyone can read it. But since the robot is simply an appengine app, you can just submit an HTTP request (through AJAX) to the robot, which can then perform the privileged operation. Presumably, you're using a robot because you want to modify the wave with the result of this operation. Since robots only respond to events, you'd need to then generate an event for the robot to respond to. You could do this by having your gadget (once it receives a response to that original HTTP request) make a state change to the wave, maybe just setting some dummy flag. The robot would receive that event and update the wave with its results. Things that you need to think about: 1. Throwing usernames and passwords around isn't very secure. If at all possible, look into using OAuth with the service you're trying to authenticate against. 2. The communication with the robot will not be over SSL. 3. If the results of the privileged operation are confidential and shouldn't be shown to people not participating in the wave, you need to authenticate the event somehow[1]. Maybe generate some random token sent with the original request to the robot, that would also be persisted to the wave, so that the robot knows the event it's receiving is genuine. Otherwise, anyone could submit that event and get the robot to send its results to them instead of Wave. If you elect to simply store the username and password to the app's data store, and perform those privileged operations in response to Wave events, that 3rd item above is much more important, since anyone can fabricate a Wave event and cause your robot to perform those actions without the consent of the user whose credentials you're working with. David [1] http://code.google.com/p/google-wave-resources/issues/detail?id=344 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Wave API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-wave-api?hl=en -~----------~----~----~----~------~----~------~--~---
