Menu
▾
▴
dynapi-help — List relating to using the DynAPI, bug reports, and suggestions
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(83) |
Nov
(319) |
Dec
(441) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2001 |
Jan
(617) |
Feb
(784) |
Mar
(426) |
Apr
(363) |
May
(489) |
Jun
(396) |
Jul
(405) |
Aug
(146) |
Sep
(97) |
Oct
(146) |
Nov
(348) |
Dec
(99) |
| 2002 |
Jan
(69) |
Feb
(92) |
Mar
(58) |
Apr
(33) |
May
(29) |
Jun
(45) |
Jul
(72) |
Aug
(71) |
Sep
(47) |
Oct
(19) |
Nov
(48) |
Dec
(55) |
| 2003 |
Jan
(23) |
Feb
(73) |
Mar
(42) |
Apr
(52) |
May
(64) |
Jun
(155) |
Jul
(169) |
Aug
(103) |
Sep
(113) |
Oct
(118) |
Nov
(46) |
Dec
(30) |
| 2004 |
Jan
(19) |
Feb
(24) |
Mar
(40) |
Apr
(13) |
May
(35) |
Jun
(1) |
Jul
(23) |
Aug
(3) |
Sep
(31) |
Oct
(31) |
Nov
(26) |
Dec
|
| 2005 |
Jan
(5) |
Feb
(4) |
Mar
(3) |
Apr
(2) |
May
(2) |
Jun
|
Jul
|
Aug
(23) |
Sep
(9) |
Oct
(5) |
Nov
(2) |
Dec
(1) |
| 2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(3) |
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Arijit D. <ad...@pr...> - 2004-07-08 06:30:31
|
Hi all, I'm using dynapi 3.0 and I was wondering if there is a simple way to prevent the browser history from being affected by loaded urls in a loadpanel? Instead of the browser back button taking you through the history of loads in the loadpanel, I would like it to just take you off the page with the loadpanel completely and back to the previous page. I tried setting the 'skipHistory' variable to true when using setURL, but that didn't work. I also noticed all the history code in loadpanel.js, but I'm not sure how changing any of that will affect the way loadpanel works. Thanks for any help! Arijit |
|
From: Matthias F. <m.f...@iq...> - 2004-06-23 16:00:52
|
Hello, how can i recognize if the window is resized? I have one layer which is anchored to an element in a centered table on the page. After resize I want to move some layer which are not child of the anchored one. How can I do that? When I use window.onresize, I can start a function, but the anchored layer doesn't move. Thank you for your help, Matthias Foschepoth |
|
From: Raymond I. <xw...@ya...> - 2004-05-28 15:04:31
|
Hello Everyone, It has been a long time since I've updated my copy of DynAPI much less to say update the CVS. Well things are still rolling along as I can see that there's a lot of emails to read :) I've managed to setup my new website and I've uploaded my local copy of the DynAPI for everyone to review: http://www.xwisdomhtml.com I would like for all to review the changes and test ni NS4. The new widgets might not be 100% compatible with NS4 (sorry guys, I have a warm time trying to get the Boxfix to work in NS4) :{ Here are some of the changes that I've made thus far: * New widget design (no longer use StyleManager)' * New RichTextBox widget (beta) * Boxfix implemented Enjoy and please give you feedback. __ Raymond Irving |
|
From: Kevin B. <Kev...@bb...> - 2004-05-28 09:24:09
|
Hello,
how to simulate a tool tip is not the problem.
I need system tool tips because we use multi contents like flash, movies=20
and DHTML mixed on one site.
I need all the features of a system tooltip. For example: A layer is not=20
able to be displayed in front of a flash application. A title or alt=20
attribute is much simpler.
It would be nice if this bug is getting fixed. :\
Thanks
Kevin
Adeola Awoyemi <awo...@ya...>=20
Sent by: dyn...@li...
26.05.2004 06:35
Please respond to
dyn...@li...
To
dyn...@li...
cc
Subject
Re: [Dynapi-Help] dynAPI 3.x Beta - tool tip BUG in Mozilla?
I seemed to have the same problem a while ago when developing a site=20
using dynapi 2.5.7 but I just ended up using overlib for the tooltips=20
instead. but I guess I could have used the method Leif mentioned by=20
creating a layer and having that displayed onmouseover and hidden=20
onmouseout.
Adeola.
On 25 May 2004, at 10:21, Kevin Breynck wrote:
>
> Hello,
>
> when the user rolls over an image i want to display a tool tip.
> I use the attributes ALT and TITLE inside of an image tag.
>
> The Problem:
> When i include the dynapi library "dynapi.api" [...=20
> dynapi.library.include('dynapi.api'); ...] the tool tip does not=20
> appear in Mozilla Clients (Firefox, Mozilla 1.5, 1.6 etc. on W2k)
>
> CODE-EXAMPLE:
>
> <html>
>
> <head>
>
> <title>Tooltip</title>
>
> <script type=3D"text/javascript" src=3D"/js/=5Fdynapi/dynapi.js"></scri=
pt>
> <script type=3D"text/javascript">
> dynapi.library.setPath('/js/=5Fdynapi/');
> dynapi.library.include('dynapi.api');
> </script>
>
> <style type=3D"text/css">
> #testElementLayer {position:absolute; left:100px; top:10px;=20
> z-index:10;}
> </style>
>
> </head>
>
> <body>
>
> <div id=3D"testElementLayer" name=3D"testElementLayer">
> <img src=3D"img/image.gif" border=3D"0" name=3D"tafIcon" id=3D"tafIcon"=
=20
> alt=3D"Lorem Ipsum" title=3D"Lorem Ipsum" />
> </div>
>
> </body>
>
> </html>
>
> Can someone help me?
>
> And one more question:
> Is the dynapy 3.x project still alive? I ask because the latest=20
> snapshot is "dynapi3x=5F2003=5F11=5F03.zip 03-Nov-2003 11:11" :(
>
>
> Best regards,
> Kevin
--=20
"Pride only breeds quarrels, but wisdom is found in those who take=20
advice" (Proverbs 13:10).
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.=20
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad=5Fid149&alloc=5Fid=8166&op=3Dclick
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Dynapi-Help mailing list
Dyn...@li...
https://lists.sourceforge.net/lists/listinfo/dynapi-help
|
|
From: Doug M. <do...@cr...> - 2004-05-26 14:23:02
|
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.690 / Virus Database: 451 - Release Date: 5/22/2004 |
|
From: Adeola A. <awo...@ya...> - 2004-05-26 04:36:38
|
I seemed to have the same problem a while ago when developing a site=20
using dynapi 2.5.7 but I just ended up using overlib for the tooltips=20
instead. but I guess I could have used the method Leif mentioned by=20
creating a layer and having that displayed onmouseover and hidden=20
onmouseout.
Adeola.
On 25 May 2004, at 10:21, Kevin Breynck wrote:
>
> Hello,
>
> when the user rolls over an image i want to display a tool tip.
> I use the attributes ALT and TITLE inside of an image tag.
>
> The Problem:
> When i include the dynapi library "dynapi.api" [...=20
> dynapi.library.include('dynapi.api'); ...] the tool tip does not=20
> appear in Mozilla Clients (Firefox, Mozilla 1.5, 1.6 etc. on W2k)
>
> CODE-EXAMPLE:
>
> <html>
>
> <head>
>
> =A0 <title>Tooltip</title>
>
> =A0 <script type=3D"text/javascript" =
src=3D"/js/_dynapi/dynapi.js"></script>
> =A0 <script type=3D"text/javascript">
> =A0 =A0 dynapi.library.setPath('/js/_dynapi/');
> =A0 =A0 dynapi.library.include('dynapi.api');
> =A0 </script>
>
> =A0 <style type=3D"text/css">
> =A0 =A0 #testElementLayer {position:absolute; left:100px; top:10px;=20
> z-index:10;}
> =A0 </style>
>
> </head>
>
> <body>
>
> <div id=3D"testElementLayer" name=3D"testElementLayer">
> =A0 <img src=3D"img/image.gif" border=3D"0" name=3D"tafIcon" =
id=3D"tafIcon"=20
> alt=3D"Lorem Ipsum" title=3D"Lorem Ipsum" />
> </div>
>
> </body>
>
> </html>
>
> Can someone help me?
>
> And one more question:
> Is the dynapy 3.x project still alive? I ask because the latest=20
> snapshot is "dynapi3x_2003_11_03.zip 03-Nov-2003 11:11" :(
>
>
> Best regards,
> Kevin
--=20
"Pride only breeds quarrels, but wisdom is found in those who take=20
advice" (Proverbs 13:10).
|
|
From: Leif W <war...@us...> - 2004-05-25 10:52:11
|
Not sure about the first question. Have you triedthe CVS version? I
didn't know of the technique you're using. :o But, would any other
alternative be possible, like actually creating a "floating" layer, and
making it visible on mouse overs? The advantage would be it works over
an image or over another layer (I think). Haven't tried this... Maybe
be other quirks or disadvantages I am not aware of.
About the second, I'm still alive, but was only ever a minor
contributor. I plan on doing some more work to make the IO Element
stuff work better with Perl & PHP. Eventually. I just can't nail down
a time frame. Not sure where the main contributors have gone. Don't
want to stress them out or anything. Hope they're all alive and well at
least. But a heads-up for the users would be nice if you are still with
the project, silently working on things, or have disgarded the project
for another API or your own custom one, had major surgery (like a
lobotomy), etc.. :-D
Leif
----- Original Message -----
From: Kevin Breynck
To: dyn...@li...
Sent: Tuesday, May 25, 2004 5:21 AM
Subject: [Dynapi-Help] dynAPI 3.x Beta - tool tip BUG in Mozilla?
Hello,
when the user rolls over an image i want to display a tool tip.
I use the attributes ALT and TITLE inside of an image tag.
The Problem:
When i include the dynapi library "dynapi.api" [...
dynapi.library.include('dynapi.api'); ...] the tool tip does not appear
in Mozilla Clients (Firefox, Mozilla 1.5, 1.6 etc. on W2k)
CODE-EXAMPLE:
<html>
<head>
<title>Tooltip</title>
<script type="text/javascript" src="/js/_dynapi/dynapi.js"></script>
<script type="text/javascript">
dynapi.library.setPath('/js/_dynapi/');
dynapi.library.include('dynapi.api');
</script>
<style type="text/css">
#testElementLayer {position:absolute; left:100px; top:10px;
z-index:10;}
</style>
</head>
<body>
<div id="testElementLayer" name="testElementLayer">
<img src="img/image.gif" border="0" name="tafIcon" id="tafIcon"
alt="Lorem Ipsum" title="Lorem Ipsum" />
</div>
</body>
</html>
Can someone help me?
And one more question:
Is the dynapy 3.x project still alive? I ask because the latest snapshot
is "dynapi3x_2003_11_03.zip 03-Nov-2003 11:11" :(
Best regards,
Kevin
|
|
From: Kevin B. <Kev...@bb...> - 2004-05-25 09:21:19
|
Hello,
when the user rolls over an image i want to display a tool tip.
I use the attributes ALT and TITLE inside of an image tag.
The Problem:
When i include the dynapi library "dynapi.api" [...
dynapi.library.include('dynapi.api'); ...] the tool tip does not appear in
Mozilla Clients (Firefox, Mozilla 1.5, 1.6 etc. on W2k)
CODE-EXAMPLE:
<html>
<head>
<title>Tooltip</title>
<script type="text/javascript" src="/js/_dynapi/dynapi.js"></script>
<script type="text/javascript">
dynapi.library.setPath('/js/_dynapi/');
dynapi.library.include('dynapi.api');
</script>
<style type="text/css">
#testElementLayer {position:absolute; left:100px; top:10px;
z-index:10;}
</style>
</head>
<body>
<div id="testElementLayer" name="testElementLayer">
<img src="img/image.gif" border="0" name="tafIcon" id="tafIcon"
alt="Lorem Ipsum" title="Lorem Ipsum" />
</div>
</body>
</html>
Can someone help me?
And one more question:
Is the dynapy 3.x project still alive? I ask because the latest snapshot
is "dynapi3x_2003_11_03.zip 03-Nov-2003 11:11" :(
Best regards,
Kevin |
|
From: Michael H. <mi...@m2...> - 2004-05-24 16:13:00
|
Can anyone help me with a bug in OSX Safari? Drag events do not work if you create a layer in opposite frames. see sample .. http://66.80.162.29:8543/safari/testframe30.html |
|
From: Daniel T. <de...@ti...> - 2004-05-13 19:12:55
|
Thanks Doug!
I just thought it might be some other error aswell that i am making but maybee its just that i get lost in the code..
Thanks again, will try some more.
Regards
Tiru
> I do not know much about IOelement..
> So I will attack from another angle..
> I find that when you are getting into a stick escape/unescape situation,
> it can sometimes help to use variables rather than literal strings
> var HTMLToAdd = '<form onsubmit="runCode(\'hoho\')">'
> var WhatToExecute = 'lyr1.setHTML(' + HTMLToAdd + ')'
> io.execInParent(WhatToExecute)
>
> ---
> OR
> ---
> var HTMLToAdd = '<form onsubmit="runCode(\'hoho\')">'
> io.execInParent('lyr1.setHTML(top.HTMLToAdd)')
>
>
>
>
> ----- Original Message -----
> From: "Daniel Tiru" <de...@ti...>
> To: "dynapi help" <dyn...@li...>
> Sent: Wednesday, May 12, 2004 7:11 PM
> Subject: [Dynapi-Help] ioelement & strings
>
>
> > Hi all!
> >
> > Having some problems with strings and using ioelement and
> io.execInParent()
> >
> > So what i want to do is to set a layer using this code
> > io.execInParent('lyr1.setHTML()')
> > I want to set the content to this code:
> > <form onsubmit="runCode('hoho')">
> >
> > however how i try and try i cannot get it to work with the escaping... can
> someone please help me as i am really stuck now?
> >
> > Regards
> > Tiru
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: SourceForge.net Broadband
> > Sign-up now for SourceForge Broadband and get the fastest
> > 6.0/768 connection for only $19.95/mo for the first 3 months!
> > http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.683 / Virus Database: 445 - Release Date: 5/12/04
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: SourceForge.net Broadband
> Sign-up now for SourceForge Broadband and get the fastest
> 6.0/768 connection for only $19.95/mo for the first 3 months!
> http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
|
|
From: Doug M. <do...@cr...> - 2004-05-13 14:22:56
|
I do not know much about IOelement..
So I will attack from another angle..
I find that when you are getting into a stick escape/unescape situation,
it can sometimes help to use variables rather than literal strings
var HTMLToAdd = '<form onsubmit="runCode(\'hoho\')">'
var WhatToExecute = 'lyr1.setHTML(' + HTMLToAdd + ')'
io.execInParent(WhatToExecute)
---
OR
---
var HTMLToAdd = '<form onsubmit="runCode(\'hoho\')">'
io.execInParent('lyr1.setHTML(top.HTMLToAdd)')
----- Original Message -----
From: "Daniel Tiru" <de...@ti...>
To: "dynapi help" <dyn...@li...>
Sent: Wednesday, May 12, 2004 7:11 PM
Subject: [Dynapi-Help] ioelement & strings
> Hi all!
>
> Having some problems with strings and using ioelement and
io.execInParent()
>
> So what i want to do is to set a layer using this code
> io.execInParent('lyr1.setHTML()')
> I want to set the content to this code:
> <form onsubmit="runCode('hoho')">
>
> however how i try and try i cannot get it to work with the escaping... can
someone please help me as i am really stuck now?
>
> Regards
> Tiru
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: SourceForge.net Broadband
> Sign-up now for SourceForge Broadband and get the fastest
> 6.0/768 connection for only $19.95/mo for the first 3 months!
> http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.683 / Virus Database: 445 - Release Date: 5/12/04
|
|
From: <an...@co...> - 2004-05-13 09:15:12
|
thanks!!! :)
Il Wed, 12 May 2004 13:37:38 -0400
"Doug Melvin" <do...@cr...> ha scritto:
> > Attached is an updated explorer.js (zipped)
> > The interface does not change.
> > Adding exp.unfoldTo('flour') to the explorer example that comes with the
> > dymapi
> > will explore to the node 'flour' and click it.
>
>
> FYI: SF is now blocking emails with .zip attached.
> Rename the attached file (explorer.zi_) to explorer.zip
>
>
>
> >
> >
> > ----- Original Message -----
> > From: "antonio" <an...@co...>
> > To: <dyn...@li...>
> > Sent: Wednesday, May 12, 2004 6:59 AM
> > Subject: [Dynapi-Help] unfoldTo method of explorer widget
> >
> >
> > > Hi all,
> > > I am trying to use the explorer widget to rappresents the tree of a
> > website.
> > > I need to unfold the tree to a determinate leave. In the source code I
> > > have look at the function unfoldTo, but it seems it doesn't work ...
> > >
> > > any help?
> > >
> > > thanks
> > > Antonio
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by Sleepycat Software
> > > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> > > deliver higher performing products faster, at low TCO.
> > > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.682 / Virus Database: 444 - Release Date: 5/11/2004
> >
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.682 / Virus Database: 444 - Release Date: 5/11/2004
|
|
From: Daniel T. <de...@ti...> - 2004-05-12 23:12:10
|
Hi all!
Having some problems with strings and using ioelement and io.execInParent()
So what i want to do is to set a layer using this code
io.execInParent('lyr1.setHTML()')
I want to set the content to this code:
<form onsubmit="runCode('hoho')">
however how i try and try i cannot get it to work with the escaping... can someone please help me as i am really stuck now?
Regards
Tiru
|
|
From: Doug M. <do...@cr...> - 2004-05-12 17:38:59
|
> Attached is an updated explorer.js (zipped)
> The interface does not change.
> Adding exp.unfoldTo('flour') to the explorer example that comes with the
> dymapi
> will explore to the node 'flour' and click it.
FYI: SF is now blocking emails with .zip attached.
Rename the attached file (explorer.zi_) to explorer.zip
>
>
> ----- Original Message -----
> From: "antonio" <an...@co...>
> To: <dyn...@li...>
> Sent: Wednesday, May 12, 2004 6:59 AM
> Subject: [Dynapi-Help] unfoldTo method of explorer widget
>
>
> > Hi all,
> > I am trying to use the explorer widget to rappresents the tree of a
> website.
> > I need to unfold the tree to a determinate leave. In the source code I
> > have look at the function unfoldTo, but it seems it doesn't work ...
> >
> > any help?
> >
> > thanks
> > Antonio
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by Sleepycat Software
> > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> > deliver higher performing products faster, at low TCO.
> > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.682 / Virus Database: 444 - Release Date: 5/11/2004
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.682 / Virus Database: 444 - Release Date: 5/11/2004 |
|
From: antonio <an...@co...> - 2004-05-12 10:59:26
|
Hi all, I am trying to use the explorer widget to rappresents the tree of a website. I need to unfold the tree to a determinate leave. In the source code I have look at the function unfoldTo, but it seems it doesn't work ... any help? thanks Antonio |
|
From: Leif W <war...@us...> - 2004-05-05 21:59:04
|
----- Original Message -----
From: "Doug Melvin" <do...@cr...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 2:18 PM
Subject: Re: [Dynapi-Help] secure http - SOLUTION
> Maybe a good question to ask the client.. I know I will NVER enter
personall
> information unless the little yellow lock is there...
Yeah, good points, and same here. But I was just thinking in terms of
the robustness of the lib, but maybe I think I open up a can of whoopass
on a bug but it's just a can of worms. ;-) Still, it'd be nice to
handle any protocol. But looking at the code, it seems like it should
work.
> Oh an Leif.. when did you start feeling obsolete? :-)
I think sometime after my 25th birthday (couple years ago). ;-)
> For me it was when I couldn't convince my co-worksers that COBOL has
no
> native
> array type... hehe
I don't even know COBOL, they didn't teach it at the school where I
first learned a little coding (C/asm/Scheme/Prolog). Hehe, sorry to put
another nail in your coffin. But the same school doesn't even teach C
as the beginning course, they use Java. D'oh! Ugh, too much dogma, I
liked a language that's flexible and purposely breakable. Makes coding
more fun and debugging more interesting!
> system.out.println("doug")
echo <<<WHERE
Am I?
WHERE;
> ----- Original Message -----
> From: "Leif W" <war...@us...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 1:11 PM
> Subject: Re: [Dynapi-Help] secure http - SOLUTION
>
>
> > Cool,
> >
> > That's what I was thinking (well I was thinking the old
document.href,
> > but that's pre-DOM I think, so I may showing my obsolete knowledge).
> > ;-)
> >
> > I'd like to test this for robustness before committing. Let's take
a
> > while to think through the combinations where this may or may not
work,
> > i.e. http page pulling https data from the same or a different
server,
> > for instance if page images and static content don't need to be
> > encrypted, just the dynamic content fetched by the remote script?
It
> > doesn't work for different protocol types, unless you manually
modify
> > those lines and add your protocol, using a switch statement or
> > something. It should just use whatever protocol the file was
requested
> > with if there's a complete URI, or else fallback to the protocol of
the
> > page it being called from. Also to take into account are the port
> > numbers. Another non-standard configuration of my server is to use
> > alternative port numbers to differentiate unique secure hosts with a
> > single IP by using a unique IP:port pair.
> >
> > I figure while we're looking at it and fixing a bug for one
condition,
> > why not take on the larger problem revealed, and formulate a
generalized
> > improvement for as many cases as we can. 90% of the work is
figuring
> > out what's going on. Why address it later when I've forgotten
> > everything. ;-) Of course, I keep getting sidetracked with
things...
> > If you have the momentum, go ahead and fix it, otherwise I'll get to
it
> > as soon as I can, and you can keep using your patch and drop in a
> > replacement later if you want. :-)
> >
> > Leif
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Wednesday, May 05, 2004 12:14 PM
> > Subject: Re: [Dynapi-Help] secure http - SOLUTION
> >
> >
> > > Here's my solution for anyone who may be interested. It works with
> > both
> > > secure and non-secure servers. In ioelement.js and the function
> > _doRequest
> > > it should read as follows starting on line 225
> > >
> > > if (url.indexOf('http')!=0) {
> > > var urlP = (this.doc.URL.indexOf('https') == 0) ?
> > 'https://'
> > > : 'http://';
> > > if (url.substr(0,1)=='/') url =
> > > urlP+dynapi.frame.document.domain+url;
> > > else url = dynapi.documentPath+url;
> > > }
> > >
> > > Jeremy
> > >
> > > ----- Original Message -----
> > > From: "Jeremy Wanamaker" <je...@ma...>
> > > To: <dyn...@li...>
> > > Sent: Wednesday, May 05, 2004 12:00 PM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Right. So if you call ioelement.post(handler, data, function)
with
> > handler
> > > > set to a relative URL, this line expands it out to the full URI.
> > What I'm
> > > > thinking is that you could use the DOM to get something like
> > this.doc.URL
> > > > (not sure if this is the best place to check) and check if the
> > prefix is
> > > > http or https and then prepend the result to the url vaiable in
> > > _doRequest.
> > > >
> > > > I'm gonna try that here on my local copy. It may be worth
putting in
> > the
> > > > CVS, although I don't think it's been updated since Nov.
> > > >
> > > > Jeremy
> > > >
> > > > ----- Original Message -----
> > > > From: "Leif W" <war...@us...>
> > > > To: <dyn...@li...>
> > > > Sent: Wednesday, May 05, 2004 11:04 AM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > To get the protocol name you'll need to look at the full URI
> > > > > (http://site/path/file.html) and not just the URL
> > (/path/file.html). At
> > > > > that point in the script, it is making decisions without
enough
> > > > > information, based only on the URL. So, it's got to be pulled
> > from
> > > > > elsewhere. As I said before, I never really modified the
> > ioelement.js
> > > > > (except some other minor thing), so I haven't got a good sense
of
> > what
> > > > > goes on in there, yet.
> > > > >
> > > > > Leif
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Wednesday, May 05, 2004 10:52 AM
> > > > > Subject: Re: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Ok, I tried changing that http to https in ioelement.js and
it
> > worked.
> > > > > > Sorry, I should have tried it before I wrote that last
email.
> > > > > >
> > > > > > What I'm wondering now is if there is a way to differentiate
> > between
> > > > > > secure/non-secure connections so that the appropriate prefix
> > > > > (http/https)
> > > > > > could be attached at
> > > > > >
> > > > > > if (url.substr(0,1)=='/') url =
> > > > > 'http://'+dynapi.frame.document.domain+url;
> > > > > >
> > > > > > and you wouldn't have to run separate copies of dynapi for
> > secure and
> > > > > > non-secure servers.
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > To: <dyn...@li...>
> > > > > > Sent: Wednesday, May 05, 2004 10:26 AM
> > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > >
> > > > > >
> > > > > > > Leif,
> > > > > > >
> > > > > > > What you have described is exactly what I am trying to do.
> > > > > > >
> > > > > > > > script over HTTPS to get data from a MySQL server. I've
> > used
> > > > > ioelement
> > > > > > > > to talk to both Perl and PHP scripts, over HTTPS. But
in my
> > case,
> > > > > all
> > > > > > > > these servers are running on the same mahine and I have
> > total
> > > > > control
> > > > > > >
> > > > > > > Because Mozilla crashes, I'm having a difficult time
debugging
> > the
> > > > > error.
> > > > > > > IE's script debugger says it's crashing in
> > _monitorTransactions in
> > > > > > > ioelement.js. at the following if statement:
> > > > > > >
> > > > > > > elm=this.getScope(r[4]);
> > > > > > > if(elm && elm.document &&
!elm.document._tranState){
> > > > > > >
> > > > > > > So I'm assuming the getScope function on the previous line
is
> > > > > returning a
> > > > > > > null value. I'm not sure why this would be, and maybe I'm
way
> > off
> > > > > base.
> > > > > > The
> > > > > > > only other thing I'm wondering about is if the following
lines
> > are
> > > > > causing
> > > > > > a
> > > > > > > problem in _doRequest
> > > > > > >
> > > > > > > if (url.indexOf('http')!=0) {
> > > > > > > if (url.substr(0,1)=='/') url =
> > > > > > > 'http://'+dynapi.frame.document.domain+url;
> > > > > > > else url = dynapi.documentPath+url;
> > > > > > > }
> > > > > > >
> > > > > > > Did you have to change these lines to set the url variable
to
> > start
> > > > > with
> > > > > > > https rather than http?
> > > > > > >
> > > > > > > Thanks for your help.
> > > > > > >
> > > > > > > Jeremy
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Leif W" <war...@us...>
> > > > > > > To: <dyn...@li...>
> > > > > > > Sent: Monday, May 03, 2004 11:22 AM
> > > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > > >
> > > > > > >
> > > > > > > > Hmm, not sure about that one. But the first part makes
> > sense: you
> > > > > don't
> > > > > > > > want to start loading insecure data over a secure
> > connection,
> > > > > because
> > > > > > > > then the data that is loaded is not going to be
transmitted
> > > > > securely,
> > > > > > > > giving the false impression to the user that the entire
> > session is
> > > > > > > > secure. The second part, about the browser going into a
> > loop and
> > > > > giving
> > > > > > > > an application error, seems like a bug a Doug suggested,
but
> > I
> > > > > have no
> > > > > > > > idea.
> > > > > > > >
> > > > > > > > How are you calling this PHP script? Is there any
reason
> > you
> > > > > can't use
> > > > > > > > a secure URL to the PHP script in the JS code?
> > > > > > > > https://domain.dom/sql.php Then, you are just talking
HTTP
> > over a
> > > > > > > > secure connection, and the browser won't know or care
what
> > the PHP
> > > > > > > > script does insecurely while talking to the database
(which
> > could
> > > > > be
> > > > > > > > another point of concern from the security view). I use
a
> > plain
> > > > > PHP
> > > > > > > > script over HTTPS to get data from a MySQL server. I've
> > used
> > > > > ioelement
> > > > > > > > to talk to both Perl and PHP scripts, over HTTPS. But
in my
> > case,
> > > > > all
> > > > > > > > these servers are running on the same mahine and I have
> > total
> > > > > control
> > > > > > > > over it, so I know it's configured to work the way I
expect.
> > I
> > > > > haven't
> > > > > > > > tried having the initial web page on one HTTPS server,
and
> > calling
> > > > > the
> > > > > > > > PHP from a separate HTTP/HTTPS server, which may be what
> > you're
> > > > > doing.
> > > > > > > >
> > > > > > > > If you have control over the database machine, and it's
a
> > UNIX
> > > > > box, you
> > > > > > > > can install a program that enables SSL connections to
> > arbitrary
> > > > > server
> > > > > > > > programs, with no modification to the server. Two such
> > programs I
> > > > > am
> > > > > > > > aware of (both use OpenSSL) are stunnel and sslwrap.
I'm
> > using
> > > > > stunnel
> > > > > > > > for SWAT (Samba Web Administration Tool), which doesn't
use
> > > > > Apache, it
> > > > > > > > has it's own web server functionality, but specifically
for
> > the
> > > > > task at
> > > > > > > > hand.
> > > > > > > >
> > > > > > > > Leif
> > > > > > > >
> > > > > > > > ----- Original Message -----
> > > > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > > > To: <dyn...@li...>
> > > > > > > > Sent: Monday, May 03, 2004 9:47 AM
> > > > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > > > >
> > > > > > > >
> > > > > > > > > Sorry, I should have been more specific in my original
> > email. I
> > > > > am
> > > > > > > > using
> > > > > > > > > Dynapi 3 with ioelement.js to get data from a database
via
> > php
> > > > > > > > scripts. It
> > > > > > > > > works fine when it's running over http (port 80). When
I
> > switch
> > > > > to
> > > > > > > > https
> > > > > > > > > (port 443), Mozilla gives me the following warning:
> > > > > > > > >
> > > > > > > > > Although this page is encrypted, the information you
have
> > > > > entered is
> > > > > > > > to be
> > > > > > > > > sent over an unencrypted connection and could easily
be
> > read by
> > > > > a
> > > > > > > > third
> > > > > > > > > party.
> > > > > > > > >
> > > > > > > > > It asks me if wish to continue.... I click yes and
then
> > mozilla
> > > > > goes
> > > > > > > > into a
> > > > > > > > > loop and gets an application error. Any idea on how I
can
> > fix
> > > > > this. I
> > > > > > > > really
> > > > > > > > > need to be able to use secure http for my application.
> > > > > > > > >
> > > > > > > > > Jeremy
> > > > > > > > >
> > > > > > > > > ----- Original Message -----
> > > > > > > > > From: "Leif W" <war...@us...>
> > > > > > > > > To: <dyn...@li...>
> > > > > > > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > > Work in what way? It should work fine in a general
> > sense.
> > > > > The
> > > > > > > > browser
> > > > > > > > > > handles the connection to the server. The server
does
> > not
> > > > > care what
> > > > > > > > the
> > > > > > > > > > file contents are, they are just static javascript
> > files. The
> > > > > > > > browser
> > > > > > > > > > handles running the JavaScript, the server has no
part
> > in this
> > > > > > > > process.
> > > > > > > > > > I have a local copy of CVS with some of my
tinkerings in
> > it,
> > > > > so it's
> > > > > > > > a
> > > > > > > > > > "dirty" copy of the CVS, but it's 99.99% untouched.
You
> > can
> > > > > see it
> > > > > > > > at
> > > > > > > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
> > > > > automatically
> > > > > > > > > > redirects to the secure site. I did most of my work
> > with
> > > > > IOElement
> > > > > > > > and
> > > > > > > > > > SODA here.
> > > > > > > > > >
> > > > > > > > > > :D Ohh yeah, the site is down right now, as I'm
> > modifying
> > > > > some
> > > > > > > > Apache
> > > > > > > > > > config settings, to get more details in my log
files,
> > and I
> > > > > kind of
> > > > > > > > shut
> > > > > > > > > > the site off and started modifying some live files
so I
> > can't
> > > > > turn
> > > > > > > > it
> > > > > > > > > > back up until the configs are finished. Should be
> > tonight or
> > > > > > > > tomorrow,
> > > > > > > > > > once I am able to finish.
> > > > > > > > > >
> > > > > > > > > > In any case, what are you trying now and what isn't
> > working?
> > > > > > > > > >
> > > > > > > > > > Leif
> > > > > > > > > >
> > > > > > > > > > ----- Original Message -----
> > > > > > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > > > > > To: <dyn...@li...>
> > > > > > > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > > > > > > Subject: [Dynapi-Help] secure http
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > > Is anyone aware of a way to get DynAPI 3 working
with
> > a
> > > > > secure
> > > > > > > > http
> > > > > > > > > > server?
> > > > > > > > > > >
> > > > > > > > > > > Thanks,
> > > > > > > > > > >
> > > > > > > > > > > Jeremy
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> -------------------------------------------------------
> > > > > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > > > > Get certified on the hottest thing ever to hit the
> > market...
> > > > > Oracle
> > > > > > > > 10g.
> > > > > > > > > > Take an Oracle 10g class now, and we'll give you the
> > exam
> > > > > FREE.
> > > > > > > > > >
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > > > > _______________________________________________
> > > > > > > > > > Dynapi-Help mailing list
> > > > > > > > > > Dyn...@li...
> > > > > > > > > >
https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> -------------------------------------------------------
> > > > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > > > Get certified on the hottest thing ever to hit the
> > market...
> > > > > Oracle
> > > > > > > > 10g.
> > > > > > > > > Take an Oracle 10g class now, and we'll give you the
exam
> > FREE.
> > > > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > > > _______________________________________________
> > > > > > > > > Dynapi-Help mailing list
> > > > > > > > > Dyn...@li...
> > > > > > > > >
https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > -------------------------------------------------------
> > > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > > Get certified on the hottest thing ever to hit the
market...
> > > > > Oracle 10g.
> > > > > >
> > > > > > > > Take an Oracle 10g class now, and we'll give you the
exam
> > FREE.
> > > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > > _______________________________________________
> > > > > > > > Dynapi-Help mailing list
> > > > > > > > Dyn...@li...
> > > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -------------------------------------------------------
> > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > Get certified on the hottest thing ever to hit the
market...
> > Oracle
> > > > > 10g.
> > > > > > > Take an Oracle 10g class now, and we'll give you the exam
> > FREE.
> > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > _______________________________________________
> > > > > > > Dynapi-Help mailing list
> > > > > > > Dyn...@li...
> > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > Get certified on the hottest thing ever to hit the market...
> > Oracle
> > > > > 10g.
> > > > > > Take an Oracle 10g class now, and we'll give you the exam
FREE.
> > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > _______________________________________________
> > > > > > Dynapi-Help mailing list
> > > > > > Dyn...@li...
> > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
> > Oracle 10g.
> > > > > Take an Oracle 10g class now, and we'll give you the exam
FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by Sleepycat Software
> > > > Learn developer strategies Cisco, Motorola, Ericsson & Lucent
use to
> > > > deliver higher performing products faster, at low TCO.
> > > > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by Sleepycat Software
> > > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use
to
> > > deliver higher performing products faster, at low TCO.
> > > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by Sleepycat Software
> > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> > deliver higher performing products faster, at low TCO.
> > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.677 / Virus Database: 439 - Release Date: 5/4/2004
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
|
From: Doug M. <do...@cr...> - 2004-05-05 18:18:45
|
Just a quick note...
Mixing secure and unsecure items in a page has the unfortunate
side-effect of hte little yellow Lock symbol not showing up in the
bottom-right
corner of the browser (which is what people look for) as well as that
annoying
warning from the browser..
Not saying you should never mix these items, just a point to consider when
designing your app..
Maybe a good question to ask the client.. I know I will NVER enter personall
information unless the little yellow lock is there...
Oh an Leif.. when did you start feeling obsolete? :-)
For me it was when I couldn't convince my co-worksers that COBOL has no
native
array type... hehe
system.out.println("doug")
----- Original Message -----
From: "Leif W" <war...@us...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 1:11 PM
Subject: Re: [Dynapi-Help] secure http - SOLUTION
> Cool,
>
> That's what I was thinking (well I was thinking the old document.href,
> but that's pre-DOM I think, so I may showing my obsolete knowledge).
> ;-)
>
> I'd like to test this for robustness before committing. Let's take a
> while to think through the combinations where this may or may not work,
> i.e. http page pulling https data from the same or a different server,
> for instance if page images and static content don't need to be
> encrypted, just the dynamic content fetched by the remote script? It
> doesn't work for different protocol types, unless you manually modify
> those lines and add your protocol, using a switch statement or
> something. It should just use whatever protocol the file was requested
> with if there's a complete URI, or else fallback to the protocol of the
> page it being called from. Also to take into account are the port
> numbers. Another non-standard configuration of my server is to use
> alternative port numbers to differentiate unique secure hosts with a
> single IP by using a unique IP:port pair.
>
> I figure while we're looking at it and fixing a bug for one condition,
> why not take on the larger problem revealed, and formulate a generalized
> improvement for as many cases as we can. 90% of the work is figuring
> out what's going on. Why address it later when I've forgotten
> everything. ;-) Of course, I keep getting sidetracked with things...
> If you have the momentum, go ahead and fix it, otherwise I'll get to it
> as soon as I can, and you can keep using your patch and drop in a
> replacement later if you want. :-)
>
> Leif
>
> ----- Original Message -----
> From: "Jeremy Wanamaker" <je...@ma...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 12:14 PM
> Subject: Re: [Dynapi-Help] secure http - SOLUTION
>
>
> > Here's my solution for anyone who may be interested. It works with
> both
> > secure and non-secure servers. In ioelement.js and the function
> _doRequest
> > it should read as follows starting on line 225
> >
> > if (url.indexOf('http')!=0) {
> > var urlP = (this.doc.URL.indexOf('https') == 0) ?
> 'https://'
> > : 'http://';
> > if (url.substr(0,1)=='/') url =
> > urlP+dynapi.frame.document.domain+url;
> > else url = dynapi.documentPath+url;
> > }
> >
> > Jeremy
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Wednesday, May 05, 2004 12:00 PM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Right. So if you call ioelement.post(handler, data, function) with
> handler
> > > set to a relative URL, this line expands it out to the full URI.
> What I'm
> > > thinking is that you could use the DOM to get something like
> this.doc.URL
> > > (not sure if this is the best place to check) and check if the
> prefix is
> > > http or https and then prepend the result to the url vaiable in
> > _doRequest.
> > >
> > > I'm gonna try that here on my local copy. It may be worth putting in
> the
> > > CVS, although I don't think it's been updated since Nov.
> > >
> > > Jeremy
> > >
> > > ----- Original Message -----
> > > From: "Leif W" <war...@us...>
> > > To: <dyn...@li...>
> > > Sent: Wednesday, May 05, 2004 11:04 AM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > To get the protocol name you'll need to look at the full URI
> > > > (http://site/path/file.html) and not just the URL
> (/path/file.html). At
> > > > that point in the script, it is making decisions without enough
> > > > information, based only on the URL. So, it's got to be pulled
> from
> > > > elsewhere. As I said before, I never really modified the
> ioelement.js
> > > > (except some other minor thing), so I haven't got a good sense of
> what
> > > > goes on in there, yet.
> > > >
> > > > Leif
> > > >
> > > > ----- Original Message -----
> > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > To: <dyn...@li...>
> > > > Sent: Wednesday, May 05, 2004 10:52 AM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Ok, I tried changing that http to https in ioelement.js and it
> worked.
> > > > > Sorry, I should have tried it before I wrote that last email.
> > > > >
> > > > > What I'm wondering now is if there is a way to differentiate
> between
> > > > > secure/non-secure connections so that the appropriate prefix
> > > > (http/https)
> > > > > could be attached at
> > > > >
> > > > > if (url.substr(0,1)=='/') url =
> > > > 'http://'+dynapi.frame.document.domain+url;
> > > > >
> > > > > and you wouldn't have to run separate copies of dynapi for
> secure and
> > > > > non-secure servers.
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Wednesday, May 05, 2004 10:26 AM
> > > > > Subject: Re: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Leif,
> > > > > >
> > > > > > What you have described is exactly what I am trying to do.
> > > > > >
> > > > > > > script over HTTPS to get data from a MySQL server. I've
> used
> > > > ioelement
> > > > > > > to talk to both Perl and PHP scripts, over HTTPS. But in my
> case,
> > > > all
> > > > > > > these servers are running on the same mahine and I have
> total
> > > > control
> > > > > >
> > > > > > Because Mozilla crashes, I'm having a difficult time debugging
> the
> > > > error.
> > > > > > IE's script debugger says it's crashing in
> _monitorTransactions in
> > > > > > ioelement.js. at the following if statement:
> > > > > >
> > > > > > elm=this.getScope(r[4]);
> > > > > > if(elm && elm.document && !elm.document._tranState){
> > > > > >
> > > > > > So I'm assuming the getScope function on the previous line is
> > > > returning a
> > > > > > null value. I'm not sure why this would be, and maybe I'm way
> off
> > > > base.
> > > > > The
> > > > > > only other thing I'm wondering about is if the following lines
> are
> > > > causing
> > > > > a
> > > > > > problem in _doRequest
> > > > > >
> > > > > > if (url.indexOf('http')!=0) {
> > > > > > if (url.substr(0,1)=='/') url =
> > > > > > 'http://'+dynapi.frame.document.domain+url;
> > > > > > else url = dynapi.documentPath+url;
> > > > > > }
> > > > > >
> > > > > > Did you have to change these lines to set the url variable to
> start
> > > > with
> > > > > > https rather than http?
> > > > > >
> > > > > > Thanks for your help.
> > > > > >
> > > > > > Jeremy
> > > > > >
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Leif W" <war...@us...>
> > > > > > To: <dyn...@li...>
> > > > > > Sent: Monday, May 03, 2004 11:22 AM
> > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > >
> > > > > >
> > > > > > > Hmm, not sure about that one. But the first part makes
> sense: you
> > > > don't
> > > > > > > want to start loading insecure data over a secure
> connection,
> > > > because
> > > > > > > then the data that is loaded is not going to be transmitted
> > > > securely,
> > > > > > > giving the false impression to the user that the entire
> session is
> > > > > > > secure. The second part, about the browser going into a
> loop and
> > > > giving
> > > > > > > an application error, seems like a bug a Doug suggested, but
> I
> > > > have no
> > > > > > > idea.
> > > > > > >
> > > > > > > How are you calling this PHP script? Is there any reason
> you
> > > > can't use
> > > > > > > a secure URL to the PHP script in the JS code?
> > > > > > > https://domain.dom/sql.php Then, you are just talking HTTP
> over a
> > > > > > > secure connection, and the browser won't know or care what
> the PHP
> > > > > > > script does insecurely while talking to the database (which
> could
> > > > be
> > > > > > > another point of concern from the security view). I use a
> plain
> > > > PHP
> > > > > > > script over HTTPS to get data from a MySQL server. I've
> used
> > > > ioelement
> > > > > > > to talk to both Perl and PHP scripts, over HTTPS. But in my
> case,
> > > > all
> > > > > > > these servers are running on the same mahine and I have
> total
> > > > control
> > > > > > > over it, so I know it's configured to work the way I expect.
> I
> > > > haven't
> > > > > > > tried having the initial web page on one HTTPS server, and
> calling
> > > > the
> > > > > > > PHP from a separate HTTP/HTTPS server, which may be what
> you're
> > > > doing.
> > > > > > >
> > > > > > > If you have control over the database machine, and it's a
> UNIX
> > > > box, you
> > > > > > > can install a program that enables SSL connections to
> arbitrary
> > > > server
> > > > > > > programs, with no modification to the server. Two such
> programs I
> > > > am
> > > > > > > aware of (both use OpenSSL) are stunnel and sslwrap. I'm
> using
> > > > stunnel
> > > > > > > for SWAT (Samba Web Administration Tool), which doesn't use
> > > > Apache, it
> > > > > > > has it's own web server functionality, but specifically for
> the
> > > > task at
> > > > > > > hand.
> > > > > > >
> > > > > > > Leif
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > > To: <dyn...@li...>
> > > > > > > Sent: Monday, May 03, 2004 9:47 AM
> > > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > > >
> > > > > > >
> > > > > > > > Sorry, I should have been more specific in my original
> email. I
> > > > am
> > > > > > > using
> > > > > > > > Dynapi 3 with ioelement.js to get data from a database via
> php
> > > > > > > scripts. It
> > > > > > > > works fine when it's running over http (port 80). When I
> switch
> > > > to
> > > > > > > https
> > > > > > > > (port 443), Mozilla gives me the following warning:
> > > > > > > >
> > > > > > > > Although this page is encrypted, the information you have
> > > > entered is
> > > > > > > to be
> > > > > > > > sent over an unencrypted connection and could easily be
> read by
> > > > a
> > > > > > > third
> > > > > > > > party.
> > > > > > > >
> > > > > > > > It asks me if wish to continue.... I click yes and then
> mozilla
> > > > goes
> > > > > > > into a
> > > > > > > > loop and gets an application error. Any idea on how I can
> fix
> > > > this. I
> > > > > > > really
> > > > > > > > need to be able to use secure http for my application.
> > > > > > > >
> > > > > > > > Jeremy
> > > > > > > >
> > > > > > > > ----- Original Message -----
> > > > > > > > From: "Leif W" <war...@us...>
> > > > > > > > To: <dyn...@li...>
> > > > > > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > > > >
> > > > > > > >
> > > > > > > > > Work in what way? It should work fine in a general
> sense.
> > > > The
> > > > > > > browser
> > > > > > > > > handles the connection to the server. The server does
> not
> > > > care what
> > > > > > > the
> > > > > > > > > file contents are, they are just static javascript
> files. The
> > > > > > > browser
> > > > > > > > > handles running the JavaScript, the server has no part
> in this
> > > > > > > process.
> > > > > > > > > I have a local copy of CVS with some of my tinkerings in
> it,
> > > > so it's
> > > > > > > a
> > > > > > > > > "dirty" copy of the CVS, but it's 99.99% untouched. You
> can
> > > > see it
> > > > > > > at
> > > > > > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
> > > > automatically
> > > > > > > > > redirects to the secure site. I did most of my work
> with
> > > > IOElement
> > > > > > > and
> > > > > > > > > SODA here.
> > > > > > > > >
> > > > > > > > > :D Ohh yeah, the site is down right now, as I'm
> modifying
> > > > some
> > > > > > > Apache
> > > > > > > > > config settings, to get more details in my log files,
> and I
> > > > kind of
> > > > > > > shut
> > > > > > > > > the site off and started modifying some live files so I
> can't
> > > > turn
> > > > > > > it
> > > > > > > > > back up until the configs are finished. Should be
> tonight or
> > > > > > > tomorrow,
> > > > > > > > > once I am able to finish.
> > > > > > > > >
> > > > > > > > > In any case, what are you trying now and what isn't
> working?
> > > > > > > > >
> > > > > > > > > Leif
> > > > > > > > >
> > > > > > > > > ----- Original Message -----
> > > > > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > > > > To: <dyn...@li...>
> > > > > > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > > > > > Subject: [Dynapi-Help] secure http
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > > Is anyone aware of a way to get DynAPI 3 working with
> a
> > > > secure
> > > > > > > http
> > > > > > > > > server?
> > > > > > > > > >
> > > > > > > > > > Thanks,
> > > > > > > > > >
> > > > > > > > > > Jeremy
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > -------------------------------------------------------
> > > > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > > > Get certified on the hottest thing ever to hit the
> market...
> > > > Oracle
> > > > > > > 10g.
> > > > > > > > > Take an Oracle 10g class now, and we'll give you the
> exam
> > > > FREE.
> > > > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > > > _______________________________________________
> > > > > > > > > Dynapi-Help mailing list
> > > > > > > > > Dyn...@li...
> > > > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > -------------------------------------------------------
> > > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > > Get certified on the hottest thing ever to hit the
> market...
> > > > Oracle
> > > > > > > 10g.
> > > > > > > > Take an Oracle 10g class now, and we'll give you the exam
> FREE.
> > > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > > _______________________________________________
> > > > > > > > Dynapi-Help mailing list
> > > > > > > > Dyn...@li...
> > > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -------------------------------------------------------
> > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > Get certified on the hottest thing ever to hit the market...
> > > > Oracle 10g.
> > > > >
> > > > > > > Take an Oracle 10g class now, and we'll give you the exam
> FREE.
> > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > _______________________________________________
> > > > > > > Dynapi-Help mailing list
> > > > > > > Dyn...@li...
> > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > Get certified on the hottest thing ever to hit the market...
> Oracle
> > > > 10g.
> > > > > > Take an Oracle 10g class now, and we'll give you the exam
> FREE.
> > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > _______________________________________________
> > > > > > Dynapi-Help mailing list
> > > > > > Dyn...@li...
> > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
> Oracle
> > > > 10g.
> > > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market...
> Oracle 10g.
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by Sleepycat Software
> > > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> > > deliver higher performing products faster, at low TCO.
> > > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by Sleepycat Software
> > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> > deliver higher performing products faster, at low TCO.
> > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.677 / Virus Database: 439 - Release Date: 5/4/2004
|
|
From: Leif W <war...@us...> - 2004-05-05 17:11:51
|
Cool,
That's what I was thinking (well I was thinking the old document.href,
but that's pre-DOM I think, so I may showing my obsolete knowledge).
;-)
I'd like to test this for robustness before committing. Let's take a
while to think through the combinations where this may or may not work,
i.e. http page pulling https data from the same or a different server,
for instance if page images and static content don't need to be
encrypted, just the dynamic content fetched by the remote script? It
doesn't work for different protocol types, unless you manually modify
those lines and add your protocol, using a switch statement or
something. It should just use whatever protocol the file was requested
with if there's a complete URI, or else fallback to the protocol of the
page it being called from. Also to take into account are the port
numbers. Another non-standard configuration of my server is to use
alternative port numbers to differentiate unique secure hosts with a
single IP by using a unique IP:port pair.
I figure while we're looking at it and fixing a bug for one condition,
why not take on the larger problem revealed, and formulate a generalized
improvement for as many cases as we can. 90% of the work is figuring
out what's going on. Why address it later when I've forgotten
everything. ;-) Of course, I keep getting sidetracked with things...
If you have the momentum, go ahead and fix it, otherwise I'll get to it
as soon as I can, and you can keep using your patch and drop in a
replacement later if you want. :-)
Leif
----- Original Message -----
From: "Jeremy Wanamaker" <je...@ma...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 12:14 PM
Subject: Re: [Dynapi-Help] secure http - SOLUTION
> Here's my solution for anyone who may be interested. It works with
both
> secure and non-secure servers. In ioelement.js and the function
_doRequest
> it should read as follows starting on line 225
>
> if (url.indexOf('http')!=0) {
> var urlP = (this.doc.URL.indexOf('https') == 0) ?
'https://'
> : 'http://';
> if (url.substr(0,1)=='/') url =
> urlP+dynapi.frame.document.domain+url;
> else url = dynapi.documentPath+url;
> }
>
> Jeremy
>
> ----- Original Message -----
> From: "Jeremy Wanamaker" <je...@ma...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 12:00 PM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Right. So if you call ioelement.post(handler, data, function) with
handler
> > set to a relative URL, this line expands it out to the full URI.
What I'm
> > thinking is that you could use the DOM to get something like
this.doc.URL
> > (not sure if this is the best place to check) and check if the
prefix is
> > http or https and then prepend the result to the url vaiable in
> _doRequest.
> >
> > I'm gonna try that here on my local copy. It may be worth putting in
the
> > CVS, although I don't think it's been updated since Nov.
> >
> > Jeremy
> >
> > ----- Original Message -----
> > From: "Leif W" <war...@us...>
> > To: <dyn...@li...>
> > Sent: Wednesday, May 05, 2004 11:04 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > To get the protocol name you'll need to look at the full URI
> > > (http://site/path/file.html) and not just the URL
(/path/file.html). At
> > > that point in the script, it is making decisions without enough
> > > information, based only on the URL. So, it's got to be pulled
from
> > > elsewhere. As I said before, I never really modified the
ioelement.js
> > > (except some other minor thing), so I haven't got a good sense of
what
> > > goes on in there, yet.
> > >
> > > Leif
> > >
> > > ----- Original Message -----
> > > From: "Jeremy Wanamaker" <je...@ma...>
> > > To: <dyn...@li...>
> > > Sent: Wednesday, May 05, 2004 10:52 AM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Ok, I tried changing that http to https in ioelement.js and it
worked.
> > > > Sorry, I should have tried it before I wrote that last email.
> > > >
> > > > What I'm wondering now is if there is a way to differentiate
between
> > > > secure/non-secure connections so that the appropriate prefix
> > > (http/https)
> > > > could be attached at
> > > >
> > > > if (url.substr(0,1)=='/') url =
> > > 'http://'+dynapi.frame.document.domain+url;
> > > >
> > > > and you wouldn't have to run separate copies of dynapi for
secure and
> > > > non-secure servers.
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > To: <dyn...@li...>
> > > > Sent: Wednesday, May 05, 2004 10:26 AM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Leif,
> > > > >
> > > > > What you have described is exactly what I am trying to do.
> > > > >
> > > > > > script over HTTPS to get data from a MySQL server. I've
used
> > > ioelement
> > > > > > to talk to both Perl and PHP scripts, over HTTPS. But in my
case,
> > > all
> > > > > > these servers are running on the same mahine and I have
total
> > > control
> > > > >
> > > > > Because Mozilla crashes, I'm having a difficult time debugging
the
> > > error.
> > > > > IE's script debugger says it's crashing in
_monitorTransactions in
> > > > > ioelement.js. at the following if statement:
> > > > >
> > > > > elm=this.getScope(r[4]);
> > > > > if(elm && elm.document && !elm.document._tranState){
> > > > >
> > > > > So I'm assuming the getScope function on the previous line is
> > > returning a
> > > > > null value. I'm not sure why this would be, and maybe I'm way
off
> > > base.
> > > > The
> > > > > only other thing I'm wondering about is if the following lines
are
> > > causing
> > > > a
> > > > > problem in _doRequest
> > > > >
> > > > > if (url.indexOf('http')!=0) {
> > > > > if (url.substr(0,1)=='/') url =
> > > > > 'http://'+dynapi.frame.document.domain+url;
> > > > > else url = dynapi.documentPath+url;
> > > > > }
> > > > >
> > > > > Did you have to change these lines to set the url variable to
start
> > > with
> > > > > https rather than http?
> > > > >
> > > > > Thanks for your help.
> > > > >
> > > > > Jeremy
> > > > >
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Leif W" <war...@us...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Monday, May 03, 2004 11:22 AM
> > > > > Subject: Re: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Hmm, not sure about that one. But the first part makes
sense: you
> > > don't
> > > > > > want to start loading insecure data over a secure
connection,
> > > because
> > > > > > then the data that is loaded is not going to be transmitted
> > > securely,
> > > > > > giving the false impression to the user that the entire
session is
> > > > > > secure. The second part, about the browser going into a
loop and
> > > giving
> > > > > > an application error, seems like a bug a Doug suggested, but
I
> > > have no
> > > > > > idea.
> > > > > >
> > > > > > How are you calling this PHP script? Is there any reason
you
> > > can't use
> > > > > > a secure URL to the PHP script in the JS code?
> > > > > > https://domain.dom/sql.php Then, you are just talking HTTP
over a
> > > > > > secure connection, and the browser won't know or care what
the PHP
> > > > > > script does insecurely while talking to the database (which
could
> > > be
> > > > > > another point of concern from the security view). I use a
plain
> > > PHP
> > > > > > script over HTTPS to get data from a MySQL server. I've
used
> > > ioelement
> > > > > > to talk to both Perl and PHP scripts, over HTTPS. But in my
case,
> > > all
> > > > > > these servers are running on the same mahine and I have
total
> > > control
> > > > > > over it, so I know it's configured to work the way I expect.
I
> > > haven't
> > > > > > tried having the initial web page on one HTTPS server, and
calling
> > > the
> > > > > > PHP from a separate HTTP/HTTPS server, which may be what
you're
> > > doing.
> > > > > >
> > > > > > If you have control over the database machine, and it's a
UNIX
> > > box, you
> > > > > > can install a program that enables SSL connections to
arbitrary
> > > server
> > > > > > programs, with no modification to the server. Two such
programs I
> > > am
> > > > > > aware of (both use OpenSSL) are stunnel and sslwrap. I'm
using
> > > stunnel
> > > > > > for SWAT (Samba Web Administration Tool), which doesn't use
> > > Apache, it
> > > > > > has it's own web server functionality, but specifically for
the
> > > task at
> > > > > > hand.
> > > > > >
> > > > > > Leif
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > To: <dyn...@li...>
> > > > > > Sent: Monday, May 03, 2004 9:47 AM
> > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > >
> > > > > >
> > > > > > > Sorry, I should have been more specific in my original
email. I
> > > am
> > > > > > using
> > > > > > > Dynapi 3 with ioelement.js to get data from a database via
php
> > > > > > scripts. It
> > > > > > > works fine when it's running over http (port 80). When I
switch
> > > to
> > > > > > https
> > > > > > > (port 443), Mozilla gives me the following warning:
> > > > > > >
> > > > > > > Although this page is encrypted, the information you have
> > > entered is
> > > > > > to be
> > > > > > > sent over an unencrypted connection and could easily be
read by
> > > a
> > > > > > third
> > > > > > > party.
> > > > > > >
> > > > > > > It asks me if wish to continue.... I click yes and then
mozilla
> > > goes
> > > > > > into a
> > > > > > > loop and gets an application error. Any idea on how I can
fix
> > > this. I
> > > > > > really
> > > > > > > need to be able to use secure http for my application.
> > > > > > >
> > > > > > > Jeremy
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Leif W" <war...@us...>
> > > > > > > To: <dyn...@li...>
> > > > > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > > >
> > > > > > >
> > > > > > > > Work in what way? It should work fine in a general
sense.
> > > The
> > > > > > browser
> > > > > > > > handles the connection to the server. The server does
not
> > > care what
> > > > > > the
> > > > > > > > file contents are, they are just static javascript
files. The
> > > > > > browser
> > > > > > > > handles running the JavaScript, the server has no part
in this
> > > > > > process.
> > > > > > > > I have a local copy of CVS with some of my tinkerings in
it,
> > > so it's
> > > > > > a
> > > > > > > > "dirty" copy of the CVS, but it's 99.99% untouched. You
can
> > > see it
> > > > > > at
> > > > > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
> > > automatically
> > > > > > > > redirects to the secure site. I did most of my work
with
> > > IOElement
> > > > > > and
> > > > > > > > SODA here.
> > > > > > > >
> > > > > > > > :D Ohh yeah, the site is down right now, as I'm
modifying
> > > some
> > > > > > Apache
> > > > > > > > config settings, to get more details in my log files,
and I
> > > kind of
> > > > > > shut
> > > > > > > > the site off and started modifying some live files so I
can't
> > > turn
> > > > > > it
> > > > > > > > back up until the configs are finished. Should be
tonight or
> > > > > > tomorrow,
> > > > > > > > once I am able to finish.
> > > > > > > >
> > > > > > > > In any case, what are you trying now and what isn't
working?
> > > > > > > >
> > > > > > > > Leif
> > > > > > > >
> > > > > > > > ----- Original Message -----
> > > > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > > > To: <dyn...@li...>
> > > > > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > > > > Subject: [Dynapi-Help] secure http
> > > > > > > >
> > > > > > > >
> > > > > > > > > Is anyone aware of a way to get DynAPI 3 working with
a
> > > secure
> > > > > > http
> > > > > > > > server?
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > >
> > > > > > > > > Jeremy
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > -------------------------------------------------------
> > > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > > Get certified on the hottest thing ever to hit the
market...
> > > Oracle
> > > > > > 10g.
> > > > > > > > Take an Oracle 10g class now, and we'll give you the
exam
> > > FREE.
> > > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > > _______________________________________________
> > > > > > > > Dynapi-Help mailing list
> > > > > > > > Dyn...@li...
> > > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -------------------------------------------------------
> > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > Get certified on the hottest thing ever to hit the
market...
> > > Oracle
> > > > > > 10g.
> > > > > > > Take an Oracle 10g class now, and we'll give you the exam
FREE.
> > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > _______________________________________________
> > > > > > > Dynapi-Help mailing list
> > > > > > > Dyn...@li...
> > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > Get certified on the hottest thing ever to hit the market...
> > > Oracle 10g.
> > > >
> > > > > > Take an Oracle 10g class now, and we'll give you the exam
FREE.
> > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > _______________________________________________
> > > > > > Dynapi-Help mailing list
> > > > > > Dyn...@li...
> > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
Oracle
> > > 10g.
> > > > > Take an Oracle 10g class now, and we'll give you the exam
FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market...
Oracle
> > > 10g.
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > > >
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market...
Oracle 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by Sleepycat Software
> > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> > deliver higher performing products faster, at low TCO.
> > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
|
From: Jeremy W. <je...@ma...> - 2004-05-05 16:14:35
|
Here's my solution for anyone who may be interested. It works with both
secure and non-secure servers. In ioelement.js and the function _doRequest
it should read as follows starting on line 225
if (url.indexOf('http')!=0) {
var urlP = (this.doc.URL.indexOf('https') == 0) ? 'https://'
: 'http://';
if (url.substr(0,1)=='/') url =
urlP+dynapi.frame.document.domain+url;
else url = dynapi.documentPath+url;
}
Jeremy
----- Original Message -----
From: "Jeremy Wanamaker" <je...@ma...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 12:00 PM
Subject: Re: [Dynapi-Help] secure http
> Right. So if you call ioelement.post(handler, data, function) with handler
> set to a relative URL, this line expands it out to the full URI. What I'm
> thinking is that you could use the DOM to get something like this.doc.URL
> (not sure if this is the best place to check) and check if the prefix is
> http or https and then prepend the result to the url vaiable in
_doRequest.
>
> I'm gonna try that here on my local copy. It may be worth putting in the
> CVS, although I don't think it's been updated since Nov.
>
> Jeremy
>
> ----- Original Message -----
> From: "Leif W" <war...@us...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 11:04 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > To get the protocol name you'll need to look at the full URI
> > (http://site/path/file.html) and not just the URL (/path/file.html). At
> > that point in the script, it is making decisions without enough
> > information, based only on the URL. So, it's got to be pulled from
> > elsewhere. As I said before, I never really modified the ioelement.js
> > (except some other minor thing), so I haven't got a good sense of what
> > goes on in there, yet.
> >
> > Leif
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Wednesday, May 05, 2004 10:52 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Ok, I tried changing that http to https in ioelement.js and it worked.
> > > Sorry, I should have tried it before I wrote that last email.
> > >
> > > What I'm wondering now is if there is a way to differentiate between
> > > secure/non-secure connections so that the appropriate prefix
> > (http/https)
> > > could be attached at
> > >
> > > if (url.substr(0,1)=='/') url =
> > 'http://'+dynapi.frame.document.domain+url;
> > >
> > > and you wouldn't have to run separate copies of dynapi for secure and
> > > non-secure servers.
> > >
> > >
> > > ----- Original Message -----
> > > From: "Jeremy Wanamaker" <je...@ma...>
> > > To: <dyn...@li...>
> > > Sent: Wednesday, May 05, 2004 10:26 AM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Leif,
> > > >
> > > > What you have described is exactly what I am trying to do.
> > > >
> > > > > script over HTTPS to get data from a MySQL server. I've used
> > ioelement
> > > > > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
> > all
> > > > > these servers are running on the same mahine and I have total
> > control
> > > >
> > > > Because Mozilla crashes, I'm having a difficult time debugging the
> > error.
> > > > IE's script debugger says it's crashing in _monitorTransactions in
> > > > ioelement.js. at the following if statement:
> > > >
> > > > elm=this.getScope(r[4]);
> > > > if(elm && elm.document && !elm.document._tranState){
> > > >
> > > > So I'm assuming the getScope function on the previous line is
> > returning a
> > > > null value. I'm not sure why this would be, and maybe I'm way off
> > base.
> > > The
> > > > only other thing I'm wondering about is if the following lines are
> > causing
> > > a
> > > > problem in _doRequest
> > > >
> > > > if (url.indexOf('http')!=0) {
> > > > if (url.substr(0,1)=='/') url =
> > > > 'http://'+dynapi.frame.document.domain+url;
> > > > else url = dynapi.documentPath+url;
> > > > }
> > > >
> > > > Did you have to change these lines to set the url variable to start
> > with
> > > > https rather than http?
> > > >
> > > > Thanks for your help.
> > > >
> > > > Jeremy
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Leif W" <war...@us...>
> > > > To: <dyn...@li...>
> > > > Sent: Monday, May 03, 2004 11:22 AM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Hmm, not sure about that one. But the first part makes sense: you
> > don't
> > > > > want to start loading insecure data over a secure connection,
> > because
> > > > > then the data that is loaded is not going to be transmitted
> > securely,
> > > > > giving the false impression to the user that the entire session is
> > > > > secure. The second part, about the browser going into a loop and
> > giving
> > > > > an application error, seems like a bug a Doug suggested, but I
> > have no
> > > > > idea.
> > > > >
> > > > > How are you calling this PHP script? Is there any reason you
> > can't use
> > > > > a secure URL to the PHP script in the JS code?
> > > > > https://domain.dom/sql.php Then, you are just talking HTTP over a
> > > > > secure connection, and the browser won't know or care what the PHP
> > > > > script does insecurely while talking to the database (which could
> > be
> > > > > another point of concern from the security view). I use a plain
> > PHP
> > > > > script over HTTPS to get data from a MySQL server. I've used
> > ioelement
> > > > > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
> > all
> > > > > these servers are running on the same mahine and I have total
> > control
> > > > > over it, so I know it's configured to work the way I expect. I
> > haven't
> > > > > tried having the initial web page on one HTTPS server, and calling
> > the
> > > > > PHP from a separate HTTP/HTTPS server, which may be what you're
> > doing.
> > > > >
> > > > > If you have control over the database machine, and it's a UNIX
> > box, you
> > > > > can install a program that enables SSL connections to arbitrary
> > server
> > > > > programs, with no modification to the server. Two such programs I
> > am
> > > > > aware of (both use OpenSSL) are stunnel and sslwrap. I'm using
> > stunnel
> > > > > for SWAT (Samba Web Administration Tool), which doesn't use
> > Apache, it
> > > > > has it's own web server functionality, but specifically for the
> > task at
> > > > > hand.
> > > > >
> > > > > Leif
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Monday, May 03, 2004 9:47 AM
> > > > > Subject: Re: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Sorry, I should have been more specific in my original email. I
> > am
> > > > > using
> > > > > > Dynapi 3 with ioelement.js to get data from a database via php
> > > > > scripts. It
> > > > > > works fine when it's running over http (port 80). When I switch
> > to
> > > > > https
> > > > > > (port 443), Mozilla gives me the following warning:
> > > > > >
> > > > > > Although this page is encrypted, the information you have
> > entered is
> > > > > to be
> > > > > > sent over an unencrypted connection and could easily be read by
> > a
> > > > > third
> > > > > > party.
> > > > > >
> > > > > > It asks me if wish to continue.... I click yes and then mozilla
> > goes
> > > > > into a
> > > > > > loop and gets an application error. Any idea on how I can fix
> > this. I
> > > > > really
> > > > > > need to be able to use secure http for my application.
> > > > > >
> > > > > > Jeremy
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Leif W" <war...@us...>
> > > > > > To: <dyn...@li...>
> > > > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > >
> > > > > >
> > > > > > > Work in what way? It should work fine in a general sense.
> > The
> > > > > browser
> > > > > > > handles the connection to the server. The server does not
> > care what
> > > > > the
> > > > > > > file contents are, they are just static javascript files. The
> > > > > browser
> > > > > > > handles running the JavaScript, the server has no part in this
> > > > > process.
> > > > > > > I have a local copy of CVS with some of my tinkerings in it,
> > so it's
> > > > > a
> > > > > > > "dirty" copy of the CVS, but it's 99.99% untouched. You can
> > see it
> > > > > at
> > > > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
> > automatically
> > > > > > > redirects to the secure site. I did most of my work with
> > IOElement
> > > > > and
> > > > > > > SODA here.
> > > > > > >
> > > > > > > :D Ohh yeah, the site is down right now, as I'm modifying
> > some
> > > > > Apache
> > > > > > > config settings, to get more details in my log files, and I
> > kind of
> > > > > shut
> > > > > > > the site off and started modifying some live files so I can't
> > turn
> > > > > it
> > > > > > > back up until the configs are finished. Should be tonight or
> > > > > tomorrow,
> > > > > > > once I am able to finish.
> > > > > > >
> > > > > > > In any case, what are you trying now and what isn't working?
> > > > > > >
> > > > > > > Leif
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > > To: <dyn...@li...>
> > > > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > > > Subject: [Dynapi-Help] secure http
> > > > > > >
> > > > > > >
> > > > > > > > Is anyone aware of a way to get DynAPI 3 working with a
> > secure
> > > > > http
> > > > > > > server?
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > >
> > > > > > > > Jeremy
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -------------------------------------------------------
> > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > Get certified on the hottest thing ever to hit the market...
> > Oracle
> > > > > 10g.
> > > > > > > Take an Oracle 10g class now, and we'll give you the exam
> > FREE.
> > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > _______________________________________________
> > > > > > > Dynapi-Help mailing list
> > > > > > > Dyn...@li...
> > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > Get certified on the hottest thing ever to hit the market...
> > Oracle
> > > > > 10g.
> > > > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > _______________________________________________
> > > > > > Dynapi-Help mailing list
> > > > > > Dyn...@li...
> > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
> > Oracle 10g.
> > >
> > > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market... Oracle
> > 10g.
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market... Oracle
> > 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> > >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle 10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
|
From: Jeremy W. <je...@ma...> - 2004-05-05 16:00:26
|
Right. So if you call ioelement.post(handler, data, function) with handler
set to a relative URL, this line expands it out to the full URI. What I'm
thinking is that you could use the DOM to get something like this.doc.URL
(not sure if this is the best place to check) and check if the prefix is
http or https and then prepend the result to the url vaiable in _doRequest.
I'm gonna try that here on my local copy. It may be worth putting in the
CVS, although I don't think it's been updated since Nov.
Jeremy
----- Original Message -----
From: "Leif W" <war...@us...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 11:04 AM
Subject: Re: [Dynapi-Help] secure http
> To get the protocol name you'll need to look at the full URI
> (http://site/path/file.html) and not just the URL (/path/file.html). At
> that point in the script, it is making decisions without enough
> information, based only on the URL. So, it's got to be pulled from
> elsewhere. As I said before, I never really modified the ioelement.js
> (except some other minor thing), so I haven't got a good sense of what
> goes on in there, yet.
>
> Leif
>
> ----- Original Message -----
> From: "Jeremy Wanamaker" <je...@ma...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 10:52 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Ok, I tried changing that http to https in ioelement.js and it worked.
> > Sorry, I should have tried it before I wrote that last email.
> >
> > What I'm wondering now is if there is a way to differentiate between
> > secure/non-secure connections so that the appropriate prefix
> (http/https)
> > could be attached at
> >
> > if (url.substr(0,1)=='/') url =
> 'http://'+dynapi.frame.document.domain+url;
> >
> > and you wouldn't have to run separate copies of dynapi for secure and
> > non-secure servers.
> >
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Wednesday, May 05, 2004 10:26 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Leif,
> > >
> > > What you have described is exactly what I am trying to do.
> > >
> > > > script over HTTPS to get data from a MySQL server. I've used
> ioelement
> > > > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
> all
> > > > these servers are running on the same mahine and I have total
> control
> > >
> > > Because Mozilla crashes, I'm having a difficult time debugging the
> error.
> > > IE's script debugger says it's crashing in _monitorTransactions in
> > > ioelement.js. at the following if statement:
> > >
> > > elm=this.getScope(r[4]);
> > > if(elm && elm.document && !elm.document._tranState){
> > >
> > > So I'm assuming the getScope function on the previous line is
> returning a
> > > null value. I'm not sure why this would be, and maybe I'm way off
> base.
> > The
> > > only other thing I'm wondering about is if the following lines are
> causing
> > a
> > > problem in _doRequest
> > >
> > > if (url.indexOf('http')!=0) {
> > > if (url.substr(0,1)=='/') url =
> > > 'http://'+dynapi.frame.document.domain+url;
> > > else url = dynapi.documentPath+url;
> > > }
> > >
> > > Did you have to change these lines to set the url variable to start
> with
> > > https rather than http?
> > >
> > > Thanks for your help.
> > >
> > > Jeremy
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Leif W" <war...@us...>
> > > To: <dyn...@li...>
> > > Sent: Monday, May 03, 2004 11:22 AM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Hmm, not sure about that one. But the first part makes sense: you
> don't
> > > > want to start loading insecure data over a secure connection,
> because
> > > > then the data that is loaded is not going to be transmitted
> securely,
> > > > giving the false impression to the user that the entire session is
> > > > secure. The second part, about the browser going into a loop and
> giving
> > > > an application error, seems like a bug a Doug suggested, but I
> have no
> > > > idea.
> > > >
> > > > How are you calling this PHP script? Is there any reason you
> can't use
> > > > a secure URL to the PHP script in the JS code?
> > > > https://domain.dom/sql.php Then, you are just talking HTTP over a
> > > > secure connection, and the browser won't know or care what the PHP
> > > > script does insecurely while talking to the database (which could
> be
> > > > another point of concern from the security view). I use a plain
> PHP
> > > > script over HTTPS to get data from a MySQL server. I've used
> ioelement
> > > > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
> all
> > > > these servers are running on the same mahine and I have total
> control
> > > > over it, so I know it's configured to work the way I expect. I
> haven't
> > > > tried having the initial web page on one HTTPS server, and calling
> the
> > > > PHP from a separate HTTP/HTTPS server, which may be what you're
> doing.
> > > >
> > > > If you have control over the database machine, and it's a UNIX
> box, you
> > > > can install a program that enables SSL connections to arbitrary
> server
> > > > programs, with no modification to the server. Two such programs I
> am
> > > > aware of (both use OpenSSL) are stunnel and sslwrap. I'm using
> stunnel
> > > > for SWAT (Samba Web Administration Tool), which doesn't use
> Apache, it
> > > > has it's own web server functionality, but specifically for the
> task at
> > > > hand.
> > > >
> > > > Leif
> > > >
> > > > ----- Original Message -----
> > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > To: <dyn...@li...>
> > > > Sent: Monday, May 03, 2004 9:47 AM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Sorry, I should have been more specific in my original email. I
> am
> > > > using
> > > > > Dynapi 3 with ioelement.js to get data from a database via php
> > > > scripts. It
> > > > > works fine when it's running over http (port 80). When I switch
> to
> > > > https
> > > > > (port 443), Mozilla gives me the following warning:
> > > > >
> > > > > Although this page is encrypted, the information you have
> entered is
> > > > to be
> > > > > sent over an unencrypted connection and could easily be read by
> a
> > > > third
> > > > > party.
> > > > >
> > > > > It asks me if wish to continue.... I click yes and then mozilla
> goes
> > > > into a
> > > > > loop and gets an application error. Any idea on how I can fix
> this. I
> > > > really
> > > > > need to be able to use secure http for my application.
> > > > >
> > > > > Jeremy
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Leif W" <war...@us...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > > Subject: Re: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Work in what way? It should work fine in a general sense.
> The
> > > > browser
> > > > > > handles the connection to the server. The server does not
> care what
> > > > the
> > > > > > file contents are, they are just static javascript files. The
> > > > browser
> > > > > > handles running the JavaScript, the server has no part in this
> > > > process.
> > > > > > I have a local copy of CVS with some of my tinkerings in it,
> so it's
> > > > a
> > > > > > "dirty" copy of the CVS, but it's 99.99% untouched. You can
> see it
> > > > at
> > > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
> automatically
> > > > > > redirects to the secure site. I did most of my work with
> IOElement
> > > > and
> > > > > > SODA here.
> > > > > >
> > > > > > :D Ohh yeah, the site is down right now, as I'm modifying
> some
> > > > Apache
> > > > > > config settings, to get more details in my log files, and I
> kind of
> > > > shut
> > > > > > the site off and started modifying some live files so I can't
> turn
> > > > it
> > > > > > back up until the configs are finished. Should be tonight or
> > > > tomorrow,
> > > > > > once I am able to finish.
> > > > > >
> > > > > > In any case, what are you trying now and what isn't working?
> > > > > >
> > > > > > Leif
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > To: <dyn...@li...>
> > > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > > Subject: [Dynapi-Help] secure http
> > > > > >
> > > > > >
> > > > > > > Is anyone aware of a way to get DynAPI 3 working with a
> secure
> > > > http
> > > > > > server?
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Jeremy
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > Get certified on the hottest thing ever to hit the market...
> Oracle
> > > > 10g.
> > > > > > Take an Oracle 10g class now, and we'll give you the exam
> FREE.
> > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > _______________________________________________
> > > > > > Dynapi-Help mailing list
> > > > > > Dyn...@li...
> > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
> Oracle
> > > > 10g.
> > > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market...
> Oracle 10g.
> >
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market... Oracle
> 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle
> 10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
> >
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
|
From: Leif W <war...@us...> - 2004-05-05 15:37:07
|
Oh, if you're using the host name, make sure you've enabled HTTP/1.1. HTTP/1.0 doesn't send a Host header. :) "GET /DynAPI_CVSROOT/ HTTP/1.0" Leif ----- Original Message ----- From: "Leif W" <war...@us...> To: <dyn...@li...> Sent: Wednesday, May 05, 2004 11:29 AM Subject: [Dynapi-Help] To whoever is trying to access dynapi.kicks-ass.net > Don't use the IP address, use the host name. The Apache server needs > the "Host" header sent by a client request to a non-IP address, to know > what site to pick out of the few I have. My "default" site is set up > with no pages, just to catch annoying virus probes from cluttering the > valid log file entries in the other logs. > > ==> /var/www/default/logs/default-access-VhostCombinedIO.log <== > default w.x.y.z - - 2004-05-05,126-19-3@11:23:52 -0400 "GET > /DynAPI_CVSROOT/ HTTP/1.0" 404 340 "-" "Mozilla/4.0 (compatible; MSIE > 6.0; Windows NT 5.1; .NET CLR 1.1.4322)" 477 606 1096 > > ==> /var/www/default/logs/default-error.log <== > [Wed May 05 11:23:52 2004] [error] [client w.x.y.z] File does not exist: > /mnt/hdb1/web/default/public_html/DynAPI_CVSROOT > > Leif > > P.S. 'They' are watching you! ;-) And 'I' am 'They'! > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the market... Oracle 10g. > Take an Oracle 10g class now, and we'll give you the exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > _______________________________________________ > Dynapi-Help mailing list > Dyn...@li... > https://lists.sourceforge.net/lists/listinfo/dynapi-help > |
|
From: Leif W <war...@us...> - 2004-05-05 15:29:05
|
Don't use the IP address, use the host name. The Apache server needs the "Host" header sent by a client request to a non-IP address, to know what site to pick out of the few I have. My "default" site is set up with no pages, just to catch annoying virus probes from cluttering the valid log file entries in the other logs. ==> /var/www/default/logs/default-access-VhostCombinedIO.log <== default w.x.y.z - - 2004-05-05,126-19-3@11:23:52 -0400 "GET /DynAPI_CVSROOT/ HTTP/1.0" 404 340 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)" 477 606 1096 ==> /var/www/default/logs/default-error.log <== [Wed May 05 11:23:52 2004] [error] [client w.x.y.z] File does not exist: /mnt/hdb1/web/default/public_html/DynAPI_CVSROOT Leif P.S. 'They' are watching you! ;-) And 'I' am 'They'! |
|
From: Leif W <war...@us...> - 2004-05-05 15:04:38
|
To get the protocol name you'll need to look at the full URI
(http://site/path/file.html) and not just the URL (/path/file.html). At
that point in the script, it is making decisions without enough
information, based only on the URL. So, it's got to be pulled from
elsewhere. As I said before, I never really modified the ioelement.js
(except some other minor thing), so I haven't got a good sense of what
goes on in there, yet.
Leif
----- Original Message -----
From: "Jeremy Wanamaker" <je...@ma...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 10:52 AM
Subject: Re: [Dynapi-Help] secure http
> Ok, I tried changing that http to https in ioelement.js and it worked.
> Sorry, I should have tried it before I wrote that last email.
>
> What I'm wondering now is if there is a way to differentiate between
> secure/non-secure connections so that the appropriate prefix
(http/https)
> could be attached at
>
> if (url.substr(0,1)=='/') url =
'http://'+dynapi.frame.document.domain+url;
>
> and you wouldn't have to run separate copies of dynapi for secure and
> non-secure servers.
>
>
> ----- Original Message -----
> From: "Jeremy Wanamaker" <je...@ma...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 10:26 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Leif,
> >
> > What you have described is exactly what I am trying to do.
> >
> > > script over HTTPS to get data from a MySQL server. I've used
ioelement
> > > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
all
> > > these servers are running on the same mahine and I have total
control
> >
> > Because Mozilla crashes, I'm having a difficult time debugging the
error.
> > IE's script debugger says it's crashing in _monitorTransactions in
> > ioelement.js. at the following if statement:
> >
> > elm=this.getScope(r[4]);
> > if(elm && elm.document && !elm.document._tranState){
> >
> > So I'm assuming the getScope function on the previous line is
returning a
> > null value. I'm not sure why this would be, and maybe I'm way off
base.
> The
> > only other thing I'm wondering about is if the following lines are
causing
> a
> > problem in _doRequest
> >
> > if (url.indexOf('http')!=0) {
> > if (url.substr(0,1)=='/') url =
> > 'http://'+dynapi.frame.document.domain+url;
> > else url = dynapi.documentPath+url;
> > }
> >
> > Did you have to change these lines to set the url variable to start
with
> > https rather than http?
> >
> > Thanks for your help.
> >
> > Jeremy
> >
> >
> >
> > ----- Original Message -----
> > From: "Leif W" <war...@us...>
> > To: <dyn...@li...>
> > Sent: Monday, May 03, 2004 11:22 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Hmm, not sure about that one. But the first part makes sense: you
don't
> > > want to start loading insecure data over a secure connection,
because
> > > then the data that is loaded is not going to be transmitted
securely,
> > > giving the false impression to the user that the entire session is
> > > secure. The second part, about the browser going into a loop and
giving
> > > an application error, seems like a bug a Doug suggested, but I
have no
> > > idea.
> > >
> > > How are you calling this PHP script? Is there any reason you
can't use
> > > a secure URL to the PHP script in the JS code?
> > > https://domain.dom/sql.php Then, you are just talking HTTP over a
> > > secure connection, and the browser won't know or care what the PHP
> > > script does insecurely while talking to the database (which could
be
> > > another point of concern from the security view). I use a plain
PHP
> > > script over HTTPS to get data from a MySQL server. I've used
ioelement
> > > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
all
> > > these servers are running on the same mahine and I have total
control
> > > over it, so I know it's configured to work the way I expect. I
haven't
> > > tried having the initial web page on one HTTPS server, and calling
the
> > > PHP from a separate HTTP/HTTPS server, which may be what you're
doing.
> > >
> > > If you have control over the database machine, and it's a UNIX
box, you
> > > can install a program that enables SSL connections to arbitrary
server
> > > programs, with no modification to the server. Two such programs I
am
> > > aware of (both use OpenSSL) are stunnel and sslwrap. I'm using
stunnel
> > > for SWAT (Samba Web Administration Tool), which doesn't use
Apache, it
> > > has it's own web server functionality, but specifically for the
task at
> > > hand.
> > >
> > > Leif
> > >
> > > ----- Original Message -----
> > > From: "Jeremy Wanamaker" <je...@ma...>
> > > To: <dyn...@li...>
> > > Sent: Monday, May 03, 2004 9:47 AM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Sorry, I should have been more specific in my original email. I
am
> > > using
> > > > Dynapi 3 with ioelement.js to get data from a database via php
> > > scripts. It
> > > > works fine when it's running over http (port 80). When I switch
to
> > > https
> > > > (port 443), Mozilla gives me the following warning:
> > > >
> > > > Although this page is encrypted, the information you have
entered is
> > > to be
> > > > sent over an unencrypted connection and could easily be read by
a
> > > third
> > > > party.
> > > >
> > > > It asks me if wish to continue.... I click yes and then mozilla
goes
> > > into a
> > > > loop and gets an application error. Any idea on how I can fix
this. I
> > > really
> > > > need to be able to use secure http for my application.
> > > >
> > > > Jeremy
> > > >
> > > > ----- Original Message -----
> > > > From: "Leif W" <war...@us...>
> > > > To: <dyn...@li...>
> > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Work in what way? It should work fine in a general sense.
The
> > > browser
> > > > > handles the connection to the server. The server does not
care what
> > > the
> > > > > file contents are, they are just static javascript files. The
> > > browser
> > > > > handles running the JavaScript, the server has no part in this
> > > process.
> > > > > I have a local copy of CVS with some of my tinkerings in it,
so it's
> > > a
> > > > > "dirty" copy of the CVS, but it's 99.99% untouched. You can
see it
> > > at
> > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
automatically
> > > > > redirects to the secure site. I did most of my work with
IOElement
> > > and
> > > > > SODA here.
> > > > >
> > > > > :D Ohh yeah, the site is down right now, as I'm modifying
some
> > > Apache
> > > > > config settings, to get more details in my log files, and I
kind of
> > > shut
> > > > > the site off and started modifying some live files so I can't
turn
> > > it
> > > > > back up until the configs are finished. Should be tonight or
> > > tomorrow,
> > > > > once I am able to finish.
> > > > >
> > > > > In any case, what are you trying now and what isn't working?
> > > > >
> > > > > Leif
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > Subject: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Is anyone aware of a way to get DynAPI 3 working with a
secure
> > > http
> > > > > server?
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Jeremy
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
Oracle
> > > 10g.
> > > > > Take an Oracle 10g class now, and we'll give you the exam
FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market...
Oracle
> > > 10g.
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market...
Oracle 10g.
>
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle
10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle
10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
>
|
|
From: Leif W <war...@us...> - 2004-05-05 15:00:53
|
----- Original Message -----
From: "Jeremy Wanamaker" <je...@ma...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 10:26 AM
Subject: Re: [Dynapi-Help] secure http
> Leif,
>
> What you have described is exactly what I am trying to do.
>
> > script over HTTPS to get data from a MySQL server. I've used
ioelement
> > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
all
> > these servers are running on the same mahine and I have total
control
>
> Because Mozilla crashes, I'm having a difficult time debugging the
error.
> IE's script debugger says it's crashing in _monitorTransactions in
> ioelement.js. at the following if statement:
>
> elm=this.getScope(r[4]);
> if(elm && elm.document && !elm.document._tranState){
>
> So I'm assuming the getScope function on the previous line is
returning a
> null value. I'm not sure why this would be, and maybe I'm way off
base. The
> only other thing I'm wondering about is if the following lines are
causing a
> problem in _doRequest
>
> if (url.indexOf('http')!=0) {
> if (url.substr(0,1)=='/') url =
> 'http://'+dynapi.frame.document.domain+url;
> else url = dynapi.documentPath+url;
> }
>
> Did you have to change these lines to set the url variable to start
with
> https rather than http?
Ahh, I didn't touch the JavaScript, but maybe you found a bug, I don't
know. It may or may not be the right piece of code we're looking at.
The string 'http' is a subset of 'https', and starts at the exact same
spot, i.e.not 'http' and 'XYZhttps', so that url.indexOf() call should
work, which is why I think it may not be the right line of code, but it
made me think of something.
My Apache server is configured to do SSL only if available, so any HTTP
requests to my site get a permenent redirection to the HTTPS url, so
it's transparent to the browser. But it's probably not a common
scenario on the net in general. ;-) Yours is probably the common case.
Did you try to tweak the lines to look for https in the URL as well?
I'll look at this too.
I'll change my server behaviour not to redirect, and watch the secure
and regular logs, and see if the SSL session tries calling for a file on
port 80. This is what your browser indicates, but I personally like to
see both sides of the story. Check your Server logs too, if possible.
Mine's so low traffic, I just leave 'tail -f *.log', but even if your
server is busy, you could use 'tail -f site*.log | grep
specific_filename', which is some file only you are looking at.
Next, look in the JS files to where the script actually fetches the file
via http, and then just go back from there to see how the URL is built
up. IMO it should be able to take ANY url of ANY form. What if I wrote
my own protocol ABC:// which fetched files from a "file server" or
something. The script should not break because ABC != http.
Leif
P.S. Hmm, I should make my logs into TSV logs. It's very hard to
extract information from specific fields when all you can split on is a
space, and many fields have space within the content. ^^
> Thanks for your help.
>
> Jeremy
>
>
>
> ----- Original Message -----
> From: "Leif W" <war...@us...>
> To: <dyn...@li...>
> Sent: Monday, May 03, 2004 11:22 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Hmm, not sure about that one. But the first part makes sense: you
don't
> > want to start loading insecure data over a secure connection,
because
> > then the data that is loaded is not going to be transmitted
securely,
> > giving the false impression to the user that the entire session is
> > secure. The second part, about the browser going into a loop and
giving
> > an application error, seems like a bug a Doug suggested, but I have
no
> > idea.
> >
> > How are you calling this PHP script? Is there any reason you can't
use
> > a secure URL to the PHP script in the JS code?
> > https://domain.dom/sql.php Then, you are just talking HTTP over a
> > secure connection, and the browser won't know or care what the PHP
> > script does insecurely while talking to the database (which could be
> > another point of concern from the security view). I use a plain PHP
> > script over HTTPS to get data from a MySQL server. I've used
ioelement
> > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
all
> > these servers are running on the same mahine and I have total
control
> > over it, so I know it's configured to work the way I expect. I
haven't
> > tried having the initial web page on one HTTPS server, and calling
the
> > PHP from a separate HTTP/HTTPS server, which may be what you're
doing.
> >
> > If you have control over the database machine, and it's a UNIX box,
you
> > can install a program that enables SSL connections to arbitrary
server
> > programs, with no modification to the server. Two such programs I
am
> > aware of (both use OpenSSL) are stunnel and sslwrap. I'm using
stunnel
> > for SWAT (Samba Web Administration Tool), which doesn't use Apache,
it
> > has it's own web server functionality, but specifically for the task
at
> > hand.
> >
> > Leif
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Monday, May 03, 2004 9:47 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Sorry, I should have been more specific in my original email. I am
> > using
> > > Dynapi 3 with ioelement.js to get data from a database via php
> > scripts. It
> > > works fine when it's running over http (port 80). When I switch to
> > https
> > > (port 443), Mozilla gives me the following warning:
> > >
> > > Although this page is encrypted, the information you have entered
is
> > to be
> > > sent over an unencrypted connection and could easily be read by a
> > third
> > > party.
> > >
> > > It asks me if wish to continue.... I click yes and then mozilla
goes
> > into a
> > > loop and gets an application error. Any idea on how I can fix
this. I
> > really
> > > need to be able to use secure http for my application.
> > >
> > > Jeremy
> > >
> > > ----- Original Message -----
> > > From: "Leif W" <war...@us...>
> > > To: <dyn...@li...>
> > > Sent: Friday, April 30, 2004 10:08 PM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Work in what way? It should work fine in a general sense. The
> > browser
> > > > handles the connection to the server. The server does not care
what
> > the
> > > > file contents are, they are just static javascript files. The
> > browser
> > > > handles running the JavaScript, the server has no part in this
> > process.
> > > > I have a local copy of CVS with some of my tinkerings in it, so
it's
> > a
> > > > "dirty" copy of the CVS, but it's 99.99% untouched. You can see
it
> > at
> > > > http://dynapi.kicks-ass.net/ , and you'll see, it automatically
> > > > redirects to the secure site. I did most of my work with
IOElement
> > and
> > > > SODA here.
> > > >
> > > > :D Ohh yeah, the site is down right now, as I'm modifying some
> > Apache
> > > > config settings, to get more details in my log files, and I kind
of
> > shut
> > > > the site off and started modifying some live files so I can't
turn
> > it
> > > > back up until the configs are finished. Should be tonight or
> > tomorrow,
> > > > once I am able to finish.
> > > >
> > > > In any case, what are you trying now and what isn't working?
> > > >
> > > > Leif
> > > >
> > > > ----- Original Message -----
> > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > To: <dyn...@li...>
> > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > Subject: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Is anyone aware of a way to get DynAPI 3 working with a secure
> > http
> > > > server?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Jeremy
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market...
Oracle
> > 10g.
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market...
Oracle
> > 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle
10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle
10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
|
From: Jeremy W. <je...@ma...> - 2004-05-05 14:52:25
|
Ok, I tried changing that http to https in ioelement.js and it worked.
Sorry, I should have tried it before I wrote that last email.
What I'm wondering now is if there is a way to differentiate between
secure/non-secure connections so that the appropriate prefix (http/https)
could be attached at
if (url.substr(0,1)=='/') url = 'http://'+dynapi.frame.document.domain+url;
and you wouldn't have to run separate copies of dynapi for secure and
non-secure servers.
----- Original Message -----
From: "Jeremy Wanamaker" <je...@ma...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 10:26 AM
Subject: Re: [Dynapi-Help] secure http
> Leif,
>
> What you have described is exactly what I am trying to do.
>
> > script over HTTPS to get data from a MySQL server. I've used ioelement
> > to talk to both Perl and PHP scripts, over HTTPS. But in my case, all
> > these servers are running on the same mahine and I have total control
>
> Because Mozilla crashes, I'm having a difficult time debugging the error.
> IE's script debugger says it's crashing in _monitorTransactions in
> ioelement.js. at the following if statement:
>
> elm=this.getScope(r[4]);
> if(elm && elm.document && !elm.document._tranState){
>
> So I'm assuming the getScope function on the previous line is returning a
> null value. I'm not sure why this would be, and maybe I'm way off base.
The
> only other thing I'm wondering about is if the following lines are causing
a
> problem in _doRequest
>
> if (url.indexOf('http')!=0) {
> if (url.substr(0,1)=='/') url =
> 'http://'+dynapi.frame.document.domain+url;
> else url = dynapi.documentPath+url;
> }
>
> Did you have to change these lines to set the url variable to start with
> https rather than http?
>
> Thanks for your help.
>
> Jeremy
>
>
>
> ----- Original Message -----
> From: "Leif W" <war...@us...>
> To: <dyn...@li...>
> Sent: Monday, May 03, 2004 11:22 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Hmm, not sure about that one. But the first part makes sense: you don't
> > want to start loading insecure data over a secure connection, because
> > then the data that is loaded is not going to be transmitted securely,
> > giving the false impression to the user that the entire session is
> > secure. The second part, about the browser going into a loop and giving
> > an application error, seems like a bug a Doug suggested, but I have no
> > idea.
> >
> > How are you calling this PHP script? Is there any reason you can't use
> > a secure URL to the PHP script in the JS code?
> > https://domain.dom/sql.php Then, you are just talking HTTP over a
> > secure connection, and the browser won't know or care what the PHP
> > script does insecurely while talking to the database (which could be
> > another point of concern from the security view). I use a plain PHP
> > script over HTTPS to get data from a MySQL server. I've used ioelement
> > to talk to both Perl and PHP scripts, over HTTPS. But in my case, all
> > these servers are running on the same mahine and I have total control
> > over it, so I know it's configured to work the way I expect. I haven't
> > tried having the initial web page on one HTTPS server, and calling the
> > PHP from a separate HTTP/HTTPS server, which may be what you're doing.
> >
> > If you have control over the database machine, and it's a UNIX box, you
> > can install a program that enables SSL connections to arbitrary server
> > programs, with no modification to the server. Two such programs I am
> > aware of (both use OpenSSL) are stunnel and sslwrap. I'm using stunnel
> > for SWAT (Samba Web Administration Tool), which doesn't use Apache, it
> > has it's own web server functionality, but specifically for the task at
> > hand.
> >
> > Leif
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Monday, May 03, 2004 9:47 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Sorry, I should have been more specific in my original email. I am
> > using
> > > Dynapi 3 with ioelement.js to get data from a database via php
> > scripts. It
> > > works fine when it's running over http (port 80). When I switch to
> > https
> > > (port 443), Mozilla gives me the following warning:
> > >
> > > Although this page is encrypted, the information you have entered is
> > to be
> > > sent over an unencrypted connection and could easily be read by a
> > third
> > > party.
> > >
> > > It asks me if wish to continue.... I click yes and then mozilla goes
> > into a
> > > loop and gets an application error. Any idea on how I can fix this. I
> > really
> > > need to be able to use secure http for my application.
> > >
> > > Jeremy
> > >
> > > ----- Original Message -----
> > > From: "Leif W" <war...@us...>
> > > To: <dyn...@li...>
> > > Sent: Friday, April 30, 2004 10:08 PM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Work in what way? It should work fine in a general sense. The
> > browser
> > > > handles the connection to the server. The server does not care what
> > the
> > > > file contents are, they are just static javascript files. The
> > browser
> > > > handles running the JavaScript, the server has no part in this
> > process.
> > > > I have a local copy of CVS with some of my tinkerings in it, so it's
> > a
> > > > "dirty" copy of the CVS, but it's 99.99% untouched. You can see it
> > at
> > > > http://dynapi.kicks-ass.net/ , and you'll see, it automatically
> > > > redirects to the secure site. I did most of my work with IOElement
> > and
> > > > SODA here.
> > > >
> > > > :D Ohh yeah, the site is down right now, as I'm modifying some
> > Apache
> > > > config settings, to get more details in my log files, and I kind of
> > shut
> > > > the site off and started modifying some live files so I can't turn
> > it
> > > > back up until the configs are finished. Should be tonight or
> > tomorrow,
> > > > once I am able to finish.
> > > >
> > > > In any case, what are you trying now and what isn't working?
> > > >
> > > > Leif
> > > >
> > > > ----- Original Message -----
> > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > To: <dyn...@li...>
> > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > Subject: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Is anyone aware of a way to get DynAPI 3 working with a secure
> > http
> > > > server?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Jeremy
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market... Oracle
> > 10g.
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market... Oracle
> > 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle 10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
108 messages has been excluded from this view by a project administrator.
