My robot post login and password to another server... like tweety. Can you write more about connecting robot with gadget in wave? I listen only about HTTP connection (some samples...?) Michał
2009/11/7 David Nesting <[email protected]> > On Fri, Nov 6, 2009 at 8:53 AM, Golabek <[email protected]>wrote: > >> Hi, I want to know how to get value of textboxes in godget to robot. >> Gadget have 2 bextboxes, login and password, I want to get this value >> to robot who log to server >> > > Gadgets can pass state to robots one of two ways: > > 1. Through the wave. > 2. Through a direct HTTP request against the robot. > > Persisting usernames and passwords to the wave is a really bad idea, > obviously, since anyone can read it. But since the robot is simply an > appengine app, you can just submit an HTTP request (through AJAX) to the > robot, which can then perform the privileged operation. > > Presumably, you're using a robot because you want to modify the wave with > the result of this operation. Since robots only respond to events, you'd > need to then generate an event for the robot to respond to. You could do > this by having your gadget (once it receives a response to that original > HTTP request) make a state change to the wave, maybe just setting some dummy > flag. The robot would receive that event and update the wave with its > results. > > Things that you need to think about: > > 1. Throwing usernames and passwords around isn't very secure. If at all > possible, look into using OAuth with the service you're trying to > authenticate against. > 2. The communication with the robot will not be over SSL. > 3. If the results of the privileged operation are confidential and > shouldn't be shown to people not participating in the wave, you need to > authenticate the event somehow[1]. Maybe generate some random token sent > with the original request to the robot, that would also be persisted to the > wave, so that the robot knows the event it's receiving is genuine. > Otherwise, anyone could submit that event and get the robot to send its > results to them instead of Wave. > > If you elect to simply store the username and password to the app's data > store, and perform those privileged operations in response to Wave events, > that 3rd item above is much more important, since anyone can fabricate a > Wave event and cause your robot to perform those actions without the consent > of the user whose credentials you're working with. > > David > > [1] http://code.google.com/p/google-wave-resources/issues/detail?id=344 > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Wave API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-wave-api?hl=en -~----------~----~----~----~------~----~------~--~---
