OpenMoko light web server
Florent THIERY
fthiery at gmail.com
Tue Apr 17 01:56:11 CEST 2007
> Q. is an XSS worm on the way?
> A. not unless you make your interface susceptible to known web app
> vulnerabilities: XSS, SQL Injection, session hijacking, etc.
Don't misunderstand me, i am 100% for mixing web & local app through a
web interface: I am very interested in netvibe's "universal" widget
API ( http://dev.netvibes.com/ ), as well as openkapow
(http://openkapow.org/ ) which could allow to compose your OS
following your needs. You could even port the local widgets back (if
they follow the API) and use them (in a limited fashion) on your
desktop...
> I'm doing to prevent it. 1) I'm going to run my code through an automated
> scanner. I recommend these things to everyone. [...]
Glad to see that you had security in mind from the beginning ! I mean
the question had to be asked, as you are doing GUI experimentation :)
> So, if you want to see
> if the phone just rang, you have to keep pinging the web server every second
> or so, and if it responds with "I'm ringing," you fire off the javascript
> that draws the "I'm ringing" icon on the interface.
No, this doesn't seem very energy-sparing...
> stinkin' feature, it is. But IIOP with a Java or Smalltalk BOA can be
> implemented fairly easily and without bloat.
Talking about squeak, what about http://www.seaside.st ?
Florent
More information about the community
mailing list