OpenMoko light web server

Florent THIERY fthiery at gmail.com
Tue Apr 17 01:56:11 CEST 2007


> Q. is an XSS worm on the way?
> A. not unless you make your interface susceptible to known web app
> vulnerabilities: XSS, SQL Injection, session hijacking, etc.

Don't misunderstand me, i am 100% for mixing web & local app through a
web interface: I am very interested in netvibe's "universal" widget
API ( http://dev.netvibes.com/ ), as well as openkapow
(http://openkapow.org/ ) which could allow to compose your OS
following your needs. You could even port the local widgets back (if
they follow the API) and use them (in a limited fashion) on your
desktop...

> I'm doing to prevent it. 1) I'm going to run my code through an automated
> scanner. I recommend these things to everyone. [...]

Glad to see that you had security in mind from the beginning ! I mean
the question had to be asked, as you are doing GUI experimentation :)

> So, if you want to see
> if the phone just rang, you have to keep pinging the web server every second
> or so, and if it responds with "I'm ringing," you fire off the javascript
> that draws the "I'm ringing" icon on the interface.

No, this doesn't seem very energy-sparing...

> stinkin' feature, it is. But IIOP with a Java or Smalltalk BOA can be
> implemented fairly easily and without bloat.

Talking about squeak, what about http://www.seaside.st ?

Florent




More information about the community mailing list