pyjamas 0.7 released

lkcl luke.leighton at googlemail.com
Tue Apr 27 16:04:35 EDT 2010


On Apr 26, 11:25 pm, Patrick Maupin <pmau... at gmail.com> wrote:
> On Apr 26, 4:12 pm, lkcl <luke.leigh... at googlemail.com> wrote:
>
> >  and, given that you can use AJAX (e.g. JSONRPC) to communicate with a
> > server-side component, installed on 127.0.0.1 and effectively do the
> > exact same thing, nobody bothers.
>
> I suppose, but again, that pushes off the security thing.  There are a
> lot of obvious ways to make unintended security holes in a 127.0.0.1
> application,

 not to an experienced web developer.  by starting the browser at a
URL which can only be used once, you can effectively do the same trick
that X-Server X-Auth "magic cookies" do.

> so I'm sure there are also a lot of ways that would be
> unobvious to this security non-expert.  And, of course, the real
> dealbreaker is, it still requires a separate install.

 not necessarily.  luis pamirez created pygtkweb (a reimplementation
of gtk widgets, to be compiled to javascript, to run in a web browser)
and he created it as a stand-alone app that 1) fired off a web browser
2) ran a small cgi-bin-esque web service 3) served static (pre-
compiled) pages 4) served AJAX to the compiled app.

 with pyjd, that "step 1" can be bypassed or more specifically step 1
and 2 can be combined into the _one_ python app (two threads /
processes); you effectively combine the "start the window with the
browser engine in it" step with the "start a mini web server" step.

 so it can be done: it's just not "immediately obvious".

 l.
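
The one-time start URL described in this message, sketched as an added example (not code from the thread, pyjamas or pygtkweb). `LaunchGate`, `make_handler`, `start`, the `/start` path and the `sid` cookie are assumed names; the token is traded for a session cookie on first use and the server binds to loopback only.

```python
import hmac
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

class LaunchGate:
    """One-time launch token traded for a session cookie (hypothetical helper, added example)."""
    def __init__(self):
        self.launch_token = secrets.token_urlsafe(32)  # valid for exactly one request
        self._session = None                           # set once the token is redeemed

    def redeem(self, token):
        """Return a new session id the first time the right token is shown, else None."""
        if self.launch_token is None or not hmac.compare_digest(token.encode(), self.launch_token.encode()):
            return None
        self.launch_token = None                       # burn it: a replayed URL now fails
        self._session = secrets.token_urlsafe(32)
        return self._session

    def authorized(self, cookie_header):  # True only if the cookie carries the issued session id
        if self._session is None or not cookie_header:
            return False
        for part in cookie_header.split(";"):
            name, _, value = part.strip().partition("=")
            if name == "sid" and hmac.compare_digest(value.encode(), self._session.encode()):
                return True
        return False

def make_handler(gate):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            url = urlparse(self.path)
            if url.path == "/start":                   # the only route reachable without a cookie
                sid = gate.redeem(parse_qs(url.query).get("token", [""])[0])
                if sid is None:
                    return self.send_error(403)
                self.send_response(303)                # redirect so the token leaves the address bar
                self.send_header("Set-Cookie", f"sid={sid}; HttpOnly; SameSite=Strict; Path=/")
                self.send_header("Location", "/")
                return self.end_headers()
            if not gate.authorized(self.headers.get("Cookie")):
                return self.send_error(403)
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"app page\n")            # static pages / AJAX would be served here
    return Handler

def start(gate):
    server = HTTPServer(("127.0.0.1", 0), make_handler(gate))  # loopback only, ephemeral port
    return server, f"http://127.0.0.1:{server.server_port}/start?token={gate.launch_token}"
```

Open the returned URL in the browser (or embedded engine) and call `server.serve_forever()`; a replay of the start URL, or any request without the cookie, gets 403.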


