Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > Cross-domain resource access (for Java files)

Reply
Thread Tools

Cross-domain resource access (for Java files)

 
 
Andrew Thompson
Guest
Posts: n/a
 
      08-18-2008
I am in the process of developing an applet for marking-up
Java source (HTML style) for presentation, and am using
some source both on my domain(1), as well as Knute's
rabbitbrush.frazmtn domain(2), as examples.

(1)
<http://pscode.org/fmt/sbx.html?url=h...pscode.org/jh/
HelpSetter.java>
(2)
<http://pscode.org/fmt/?url=http://rabbitbrush.frazmtn.com/Pong2.java>

The point of linking to the two sites is to highlight the
security constraints. The applet for my own site is sandboxed,
but to access source from Knute's site, the end user needs to
accept the fully trusted version of the applet.

I like this scheme because the user does not even get to
'off site' source before a lot of bells and whistles, so
it helps (in some obtuse way) to highlight that something
unusual is happening.

Of course, foreign servers may simply refuse connections to
Java applications in total, and I would like to leave that
option open to them (so my apps. will not fib about what
they are).

As well, in order to give 'credit where it is due', the
applet makes a point of adding a bar on the bottom that
offers a button that links /directly/ to the (Java)
source document, and adds the message 'ClassName.java
source courtesy of the.other.domain'.

In my discussions of potential source at Knute's site for
test documents, he suggested that perhaps I could use a
proxy server to get the source into my site in the sandboxed
applet.

That is a good idea, but I am worried that is getting too
close to resource theft, or the perception of that.

What do folks around here, think?

Recommendations on ways forward:
- Leave the applet as is - it is just one more click to
get to source from another site.
- Implement a proxy server, have it identify itself
as java might, and accept any refusals gracefully.
- Implement a proxy server, have it identify itself
as WTH it would normally identify itself, and accept
any refusals gracefully.

Acknowledgment:
- Beef up the acknowledgment of source from a different
host by (ideas) moving the info. bar to the top, or
popping a JOptionPane at start-up.
- Stop stressing about it - the current detail is good
enough for Java programmers.

--
Andrew Thompson
http://pscode.org/
 
Reply With Quote
 
 
 
 
Andrew Thompson
Guest
Posts: n/a
 
      08-18-2008
On Aug 18, 1:27 pm, Andrew Thompson <(E-Mail Removed)> wrote:
...
> In my discussions of potential source at Knute's site for
> test documents, he suggested that perhaps I could use a
> proxy server to get the source into my site in the sandboxed
> applet.


And now I really think about it, Knute might just
have meant a proxy for *his* site, since we have a
pre-existing arrangement of linking to some of those
resources.

On the other hand, the applet will be configurable
by URL*, so I need to think on a wider scale.

* And I do not want to have to maintain a list of
'buy in' domains, better to let the site refuse at
the instant.

Oh, and bug reports etc. are welcome, but I doubt
that the document parsing ability will ever be
flawless.

--
Andrew Thompson
http://pscode.org/
 
Reply With Quote
 
 
 
 
Knute Johnson
Guest
Posts: n/a
 
      08-18-2008
Andrew Thompson wrote:
> On Aug 18, 1:27 pm, Andrew Thompson <(E-Mail Removed)> wrote:
> ..
>> In my discussions of potential source at Knute's site for
>> test documents, he suggested that perhaps I could use a
>> proxy server to get the source into my site in the sandboxed
>> applet.

>
> And now I really think about it, Knute might just
> have meant a proxy for *his* site, since we have a
> pre-existing arrangement of linking to some of those
> resources.


No I meant to have at your site so that the applet you served up could
get the source code page from there rather than having to get it from
the actual site. This would save your applet from having to ask for
permission. I don't know about you but I rarely look at signed applets
unless I know where they are coming from.

> On the other hand, the applet will be configurable
> by URL*, so I need to think on a wider scale.


And instead of proxying(sp) any page, maybe just the links in the applet
can talk to the proxy? It might be handy to get at any page though.

> * And I do not want to have to maintain a list of
> 'buy in' domains, better to let the site refuse at
> the instant.


I think so too.

> Oh, and bug reports etc. are welcome, but I doubt
> that the document parsing ability will ever be
> flawless.


--

Knute Johnson
email s/nospam/knute2008/

--
Posted via NewsDemon.com - Premium Uncensored Newsgroup Service
------->>>>>>http://www.NewsDemon.com<<<<<<------
Unlimited Access, Anonymous Accounts, Uncensored Broadband Access
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Resource expression to access resource located in library Heinrich Moser ASP .Net 1 03-27-2008 04:25 PM
Very annoying error: Access to the path is denied. ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity Jay ASP .Net 2 08-20-2007 07:38 PM
Resource manager problem: naming for embedded resource. Dirc Khan-Evans ASP .Net 1 10-17-2005 12:52 PM
Managing and Maintaining Resource Access David Parkes Microsoft Certification 0 05-09-2005 09:24 AM
The system cannot locate the resource specified. Error processing resource avishosh XML 2 08-08-2004 06:28 AM



Advertisments