pyjamas 0.7 released

lkcl luke.leighton at
Tue Apr 27 16:04:35 EDT 2010

On Apr 26, 11:25 pm, Patrick Maupin <pmau... at> wrote:
> On Apr 26, 4:12 pm, lkcl <luke.leigh... at> wrote:
> >  and, given that you can use AJAX (e.g. JSONRPC) to communicate with a
> > server-side component, installed on and effectively do the
> > exact same thing, nobody bothers.
> I suppose, but again, that pushes off the security thing.  There are a
> lot of obvious ways to make unintended security holes in a
> application,

 not to an experienced web developer.  by starting the browser at a
URL which can only used once, you can effectively do the same trick
that X-Server X-Auth "magic cookies" does.

> so I'm sure there are also a lot of ways that would be
> unobvious to this security non-expert.  And, of course, the real
> dealbreaker is, it still requires a separate install.

 not necessarily.  luis pamirez created pygtkweb (a reimplementation
of gtk widgets, to be compiled to javascript, to run in a web browser)
and he created it as a stand-alone app that 1) fired off a web browser
2) ran a small cgi-bin-esque web service 3) served static (pre-
compiled) pages 4) served AJAX to the compiled app.

 with pyjd, that "step 1" can be bypassed or more specifically step 1
and 2 can be combined into the _one_ python app (two threads /
processes); you effectively combine the "start the window with the
browser engine in it" step with the "start a mini web server" step.

 so it can be done: it's just not "immediately obvious".


More information about the Python-list mailing list