OpenMoko light web server

Florent THIERY fthiery at
Tue Apr 17 01:56:11 CEST 2007

> Q. is an XSS worm on the way?
> A. not unless you make your interface susceptible to known web app
> vulnerabilities: XSS, SQL Injection, session hijacking, etc.

Don't misunderstand me, i am 100% for mixing web & local app through a
web interface: I am very interested in netvibe's "universal" widget
API ( ), as well as openkapow
( ) which could allow to compose your OS
following your needs. You could even port the local widgets back (if
they follow the API) and use them (in a limited fashion) on your

> I'm doing to prevent it. 1) I'm going to run my code through an automated
> scanner. I recommend these things to everyone. [...]

Glad to see that you had security in mind from the beginning ! I mean
the question had to be asked, as you are doing GUI experimentation :)

> So, if you want to see
> if the phone just rang, you have to keep pinging the web server every second
> or so, and if it responds with "I'm ringing," you fire off the javascript
> that draws the "I'm ringing" icon on the interface.

No, this doesn't seem very energy-sparing...

> stinkin' feature, it is. But IIOP with a Java or Smalltalk BOA can be
> implemented fairly easily and without bloat.

Talking about squeak, what about ?


More information about the community mailing list