On Feb 4, 2008 11:36 AM, Reinoud Elhorst <[EMAIL PROTECTED]> wrote: > I think this is important for this discussion. This is because the gadget > server should only proxy for gadgets that are locked to that domain. > So when receiving a proxy > request, the gadget server should be able to authenticate that the > request came from a gadget on that domain.
Out of curiosity, what attack are you trying to prevent by having the gadget server only serve proxy requests for gadgets the container rendered? Is it just the open proxy issue that you're concerned about, or something more? And sliding back to how this got started... how would you feel about implementing the UserStore and GadgetStore interfaces[1] to talk to your container's persistent storage? There are some gadget features, like OAuth, that are tricky to implement without some kind of persistent storage shared by the container and the gadget server. I'm definitely interested in approaches that avoid the need for the shared persistent storage, but I'd also like to keep things as simple as possible. Are UserStore and GadgetServer simple enough? [1] see the oauth.patch file attached to https://issues.apache.org/jira/browse/SHINDIG-35
