[Laszlo-dev] serverless operation
P T Withington
ptw at pobox.com
Tue Jan 18 20:11:42 PST 2005
On 18 Jan 2005, at 17:33, Sarah Allen wrote:
> Tucker,
>
> This approach sounds appealing, but I'm afraid it would be confusing.
> Its true that the proxied/serverful operation is there to make up for
> limits in the runtime; however, that same limited runtime makes for a
> confusing experience. For example, to use a "serverless" connection
> to get data from another site, you need to make sure there is a
> cross-domain xml file. Depending on whether you control that other
> site, you may or may not want to use a proxied connection in this
> case.
I don't follow that. Whether you are proxied or not, you will want to
vet data that you get from 3rd party sites. If you are proxied, you
can do that in the server. If you are not, you have to do it in the
client. In either case, you will have to write the code to vet the
data; just having a proxy doesn't magically make 3rd-party data safe.
Different runtimes are likely to have different rules about whether an
app can access 3rd-party sites. A proxy can be used to subvert that
policy. For this reason, I think it is actually dangerous to have
proxied be the default.
> I think it would be easier to understand if the normal case is for the
> whole app to be proxied or not.
From a security point of view, I think it is more dangerous to turn
proxying on for all accesses, unless you replicate the security policy
of the runtime in the proxy. The security principle of least privilege
suggests that only accesses that require proxying should be proxied --
then you only have to think about the security implications of those
accesses, rather than of all accesses.
> Sarah
>
> At 01:14 PM 1/18/2005, P T Withington wrote:
>> Can we step back a minute?
>>
>> Isn't it the case that the purpose of proxied/serverful operation is
>> to make up for limitations in the current runtime -- operations that
>> the current runtime does not support (rendering png's) or permit
>> (access to other than the originating site) are handled on the server
>> instead?
>>
>> Is there some advantage to making all your operations be proxied if
>> you just need one?
>>
>> It seems we already have a switch implemented: If you are compiling
>> an LZX form that the target runtime does not support, the compiler
>> should compile it to a proxied version (perhaps with a warning) if
>> available, otherwise signal an error. It seems that the only need
>> for a proxied/unproxied switch is to silence the warning that you
>> used a form that requires a proxy for the target runtime.
>>
>> _______________________________________________
>> Laszlo-dev mailing list
>> Laszlo-dev at openlaszlo.org
>> http://www.openlaszlo.org/mailman/listinfo/laszlo-dev
>
> _______________________________________________
> Laszlo-dev mailing list
> Laszlo-dev at openlaszlo.org
> http://www.openlaszlo.org/mailman/listinfo/laszlo-dev
More information about the Laszlo-dev
mailing list