Well, what you -could- do is create a site, and host all the
'images' (let's pretend this does not involve scantily dressed people)
on the pages on <img src="http://shindig/proxy?url=http://myhost.com/some/image.gif" />
... and thus offloading most of the bandwidth used to the proxy
instead of the originating site.
On Jul 16, 2008, at 11:27 PM, Emilio Daniel González wrote:
So, if I were a bad guy, can I copy all Internet into the proxy?! =P
On Wed, Jul 16, 2008 at 6:07 PM, Kevin Brown <[EMAIL PROTECTED]> wrote:
On Wed, Jul 16, 2008 at 2:03 PM, Emilio Daniel González <[EMAIL PROTECTED]> wrote:
btw, why all the files that pass through the proxy are named as "p.txt"?
it's a convention or what?
the "p" is arbitrary (it stands for proxy). The .txt extension generally
causes the file to be opened in a text editor rather than the web browser
(either that or the user gets a download dialog). Most other extensions
would be loaded in the browser (making the technique ineffective) or blocked
by security software.
On Wed, Jul 16, 2008 at 5:58 PM, Chris Chabot <[EMAIL PROTECTED]> wrote:
So how does it prevent the use of the proxy as a 'free Akamai' when people
can use it for their images/etc?
On Jul 16, 2008, at 10:52 PM, Kevin Brown wrote:
Yes, it works under that use case. Sending it as an attachment does not
interfere with legitimate use of the proxy as it does not impact img,
object, embed, script, or link elements or style sheet imports.
On Wed, Jul 16, 2008 at 1:46 PM, Ropu <[EMAIL PROTECTED]> wrote:
hi
i have a question.
will sending proxy results as attachment work with this example?
*Let the container cache your dynamic content*
http://code.google.com/apis/opensocial/articles/latency/#dynamic
The gadgets.io.getProxyUrl function will return the location of the cached
version of the URL you provide, including images, JavaScript, and CSS. So
instead of using the URL of content hosted on your server, like this:
    function showImage() {
      // Load the image directly from the origin server.
      var imgUrl = 'http://www.example.com/i_heart_apis_sm.png';
      var html = ['<img src="', imgUrl, '">'];
      document.getElementById('dom_handle').innerHTML = html.join('');
    }
    showImage();

you can use the URL of the cached content, like this:

    function showImage() {
      var imgUrl = 'http://www.example.com/i_heart_apis_sm.png';
      // Ask the container for the proxied (cached) location of the image.
      var cachedUrl = gadgets.io.getProxyUrl(imgUrl);
      var html = ['<img src="', cachedUrl, '">'];
      document.getElementById('dom_handle').innerHTML = html.join('');
    }
    showImage();
if so, it's preventing "free akamai" or phishing?
said this, or the example is wrong (and we are limiting functionality) or
the solution is partial (or I'm completely mixed up :P)
ropu
On Fri, Jul 11, 2008 at 2:45 PM, Kevin Brown <[EMAIL PROTECTED]> wrote:
On Fri, Jul 11, 2008 at 2:20 AM, Karsten Beyer <[EMAIL PROTECTED]> wrote:
Hi,
what is the suggested strategy to prevent abuse of the open proxy at
/gadgets/proxy? I found some old discussions from February about adding the
IP address of the user as HTTP header. Some testing however showed that this
is not yet implemented.
Are there any plans to implement some kind of whitelist feature? More
importantly: Are there any reasons against implementing such a feature?
You could always add a whitelist for outbound requests, but you'd have to do
a custom http fetcher implementation.
The java version is currently returning all proxied files as attachments,
which has helped significantly with reducing the potential of /gadgets/proxy
as a phishing vector or free Akamai.
Best Regards,
Karsten Beyer
[EMAIL PROTECTED]
--
.-. --- .--. ..-
R o p u
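
The two mitigations discussed in this thread (a whitelist in front of the outbound fetcher, and returning proxied files as attachments named p.txt), as an added JavaScript example that is not part of the thread and is not Shindig code. The function names, the allowlist contents and the sample URLs are assumptions constructed for illustration.

```javascript
// Added illustration; hypothetical names, not Shindig's API.
// Constructed allowlist of hosts the proxy may fetch from.
const ALLOWED_HOSTS = new Set(['www.example.com']);

// Decide whether the proxy should fetch rawUrl at all.
function checkOutboundUrl(rawUrl, allowedHosts = ALLOWED_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return { ok: false, reason: 'unparseable URL' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme not allowed' };
  }
  // "http://allowed@other/" parses with host "other"; refuse userinfo outright.
  if (url.username || url.password) {
    return { ok: false, reason: 'credentials in URL' };
  }
  // Compare the exact parsed hostname (never a substring or suffix match).
  const host = url.hostname.replace(/\.$/, '');
  if (!allowedHosts.has(host)) {
    return { ok: false, reason: 'host not on allowlist' };
  }
  return { ok: true, url: url.href };
}

// Headers for a proxied response: keep the upstream type so img, script and
// link elements still work, but force a download on direct navigation.
function proxyResponseHeaders(upstreamContentType) {
  return {
    'Content-Type': upstreamContentType || 'application/octet-stream',
    'Content-Disposition': 'attachment; filename=p.txt',
  };
}

// Combine both checks into the status and headers the proxy would send.
function planProxyResponse(rawUrl, upstreamContentType) {
  const check = checkOutboundUrl(rawUrl);
  if (!check.ok) {
    return { status: 403, reason: check.reason, headers: {} };
  }
  return { status: 200, fetch: check.url, headers: proxyResponseHeaders(upstreamContentType) };
}
```

An exact-host whitelist removes the "free Akamai" use for every origin not on the list, while the attachment header only affects direct navigation to the proxy URL.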