> > In general I think it's not a good idea for the public API of a web > > application to reveal implementation details. With tg things are > > pretty good one can write the app such that nowhere it appears that > > the backend is in fact tg. Except I couldn't change the URL pointing > > to static content of widgets. Following > > http://docs.turbogears.org/1.0/WidgetsWithJSAndCSS all my css and > > javascript corresponding to widgets have tg_widgets in their URL. > > I don't think that having http://website/tg_widgets/widget/css/js/whatever > is > showing public API of a web application. It is a mere URI / URL for some > resource. That's the same as having a /feeds for RSS feeds or a /edit for > some editing form, for example.
Okay, calling it "public API" is maybe not the right term, but it surely reveals the fact that the web application is implemented in tg. > > Is it possible to change that? This is actually a general question of > > changing every name that has tg_ in it such as tg_errors, tg_format, > > etc. Or what do the developers think? Isn't it a good practive to make > > it possible to change all these names so that the public API is > > completely free of tg references? > > I agree that it should be easy to change. This would make things a bit more > complicated inside TG, but wouldn't be impossible to do. Even though you > can > do that already with some rewriting of URLs on your webserver. That is true, I mean the rewriting of URLs is a good idea. > Personally I don't see a problem with that and in fact I never looked at it > because it isn't all that intrusive and since I'm already stating that I > used > TurboGears somewhere this is just a detail. > > But, if we could code something that would remove this it would be OK with > me. It's just the fact that if a potential attacker knows implementation details he/she has a much simpler task. > Have you taken a look at the code, Daniel, to see if you have any suggestion > on how to make this implementation? Haven't yet, thought that I'd ask around here first, but I surely will now :) Will post anything useful I find. Cheers, Daniel --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
