Menu
▾
▴
dynapi-help
|
From: Jeremy W. <je...@ma...> - 2004-04-30 19:35:36
|
Is anyone aware of a way to get DynAPI 3 working with a secure http server? Thanks, Jeremy |
|
From: Leif W <war...@us...> - 2004-05-01 02:08:31
|
Work in what way? It should work fine in a general sense. The browser handles the connection to the server. The server does not care what the file contents are, they are just static javascript files. The browser handles running the JavaScript, the server has no part in this process. I have a local copy of CVS with some of my tinkerings in it, so it's a "dirty" copy of the CVS, but it's 99.99% untouched. You can see it at http://dynapi.kicks-ass.net/ , and you'll see, it automatically redirects to the secure site. I did most of my work with IOElement and SODA here. :D Ohh yeah, the site is down right now, as I'm modifying some Apache config settings, to get more details in my log files, and I kind of shut the site off and started modifying some live files so I can't turn it back up until the configs are finished. Should be tonight or tomorrow, once I am able to finish. In any case, what are you trying now and what isn't working? Leif ----- Original Message ----- From: "Jeremy Wanamaker" <je...@ma...> To: <dyn...@li...> Sent: Friday, April 30, 2004 3:35 PM Subject: [Dynapi-Help] secure http > Is anyone aware of a way to get DynAPI 3 working with a secure http server? > > Thanks, > > Jeremy |
|
From: Jeremy W. <je...@ma...> - 2004-05-03 13:47:11
|
Sorry, I should have been more specific in my original email. I am using Dynapi 3 with ioelement.js to get data from a database via php scripts. It works fine when it's running over http (port 80). When I switch to https (port 443), Mozilla gives me the following warning: Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. It asks me if wish to continue.... I click yes and then mozilla goes into a loop and gets an application error. Any idea on how I can fix this. I really need to be able to use secure http for my application. Jeremy ----- Original Message ----- From: "Leif W" <war...@us...> To: <dyn...@li...> Sent: Friday, April 30, 2004 10:08 PM Subject: Re: [Dynapi-Help] secure http > Work in what way? It should work fine in a general sense. The browser > handles the connection to the server. The server does not care what the > file contents are, they are just static javascript files. The browser > handles running the JavaScript, the server has no part in this process. > I have a local copy of CVS with some of my tinkerings in it, so it's a > "dirty" copy of the CVS, but it's 99.99% untouched. You can see it at > http://dynapi.kicks-ass.net/ , and you'll see, it automatically > redirects to the secure site. I did most of my work with IOElement and > SODA here. > > :D Ohh yeah, the site is down right now, as I'm modifying some Apache > config settings, to get more details in my log files, and I kind of shut > the site off and started modifying some live files so I can't turn it > back up until the configs are finished. Should be tonight or tomorrow, > once I am able to finish. > > In any case, what are you trying now and what isn't working? > > Leif > > ----- Original Message ----- > From: "Jeremy Wanamaker" <je...@ma...> > To: <dyn...@li...> > Sent: Friday, April 30, 2004 3:35 PM > Subject: [Dynapi-Help] secure http > > > > Is anyone aware of a way to get DynAPI 3 working with a secure http > server? > > > > Thanks, > > > > Jeremy > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the market... Oracle 10g. > Take an Oracle 10g class now, and we'll give you the exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > _______________________________________________ > Dynapi-Help mailing list > Dyn...@li... > https://lists.sourceforge.net/lists/listinfo/dynapi-help > |
|
From: Doug M. <do...@cr...> - 2004-05-03 14:31:47
|
I may be misstaken, but I recall a bug in mozilla regarding secure connections.. check the mozilla.org bugzilla.. ----- Original Message ----- From: "Jeremy Wanamaker" <je...@ma...> To: <dyn...@li...> Sent: Monday, May 03, 2004 9:47 AM Subject: Re: [Dynapi-Help] secure http > Sorry, I should have been more specific in my original email. I am using > Dynapi 3 with ioelement.js to get data from a database via php scripts. It > works fine when it's running over http (port 80). When I switch to https > (port 443), Mozilla gives me the following warning: > > Although this page is encrypted, the information you have entered is to be > sent over an unencrypted connection and could easily be read by a third > party. > > It asks me if wish to continue.... I click yes and then mozilla goes into a > loop and gets an application error. Any idea on how I can fix this. I really > need to be able to use secure http for my application. > > Jeremy > > ----- Original Message ----- > From: "Leif W" <war...@us...> > To: <dyn...@li...> > Sent: Friday, April 30, 2004 10:08 PM > Subject: Re: [Dynapi-Help] secure http > > > > Work in what way? It should work fine in a general sense. The browser > > handles the connection to the server. The server does not care what the > > file contents are, they are just static javascript files. The browser > > handles running the JavaScript, the server has no part in this process. > > I have a local copy of CVS with some of my tinkerings in it, so it's a > > "dirty" copy of the CVS, but it's 99.99% untouched. You can see it at > > http://dynapi.kicks-ass.net/ , and you'll see, it automatically > > redirects to the secure site. I did most of my work with IOElement and > > SODA here. > > > > :D Ohh yeah, the site is down right now, as I'm modifying some Apache > > config settings, to get more details in my log files, and I kind of shut > > the site off and started modifying some live files so I can't turn it > > back up until the configs are finished. Should be tonight or tomorrow, > > once I am able to finish. > > > > In any case, what are you trying now and what isn't working? > > > > Leif > > > > ----- Original Message ----- > > From: "Jeremy Wanamaker" <je...@ma...> > > To: <dyn...@li...> > > Sent: Friday, April 30, 2004 3:35 PM > > Subject: [Dynapi-Help] secure http > > > > > > > Is anyone aware of a way to get DynAPI 3 working with a secure http > > server? > > > > > > Thanks, > > > > > > Jeremy > > > > > > > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by: Oracle 10g > > Get certified on the hottest thing ever to hit the market... Oracle 10g. > > Take an Oracle 10g class now, and we'll give you the exam FREE. > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > > _______________________________________________ > > Dynapi-Help mailing list > > Dyn...@li... > > https://lists.sourceforge.net/lists/listinfo/dynapi-help > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the market... Oracle 10g. > Take an Oracle 10g class now, and we'll give you the exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > _______________________________________________ > Dynapi-Help mailing list > Dyn...@li... > https://lists.sourceforge.net/lists/listinfo/dynapi-help > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.675 / Virus Database: 437 - Release Date: 5/2/04 |
|
From: Leif W <war...@us...> - 2004-05-03 15:22:31
|
Hmm, not sure about that one. But the first part makes sense: you don't want to start loading insecure data over a secure connection, because then the data that is loaded is not going to be transmitted securely, giving the false impression to the user that the entire session is secure. The second part, about the browser going into a loop and giving an application error, seems like a bug a Doug suggested, but I have no idea. How are you calling this PHP script? Is there any reason you can't use a secure URL to the PHP script in the JS code? https://domain.dom/sql.php Then, you are just talking HTTP over a secure connection, and the browser won't know or care what the PHP script does insecurely while talking to the database (which could be another point of concern from the security view). I use a plain PHP script over HTTPS to get data from a MySQL server. I've used ioelement to talk to both Perl and PHP scripts, over HTTPS. But in my case, all these servers are running on the same mahine and I have total control over it, so I know it's configured to work the way I expect. I haven't tried having the initial web page on one HTTPS server, and calling the PHP from a separate HTTP/HTTPS server, which may be what you're doing. If you have control over the database machine, and it's a UNIX box, you can install a program that enables SSL connections to arbitrary server programs, with no modification to the server. Two such programs I am aware of (both use OpenSSL) are stunnel and sslwrap. I'm using stunnel for SWAT (Samba Web Administration Tool), which doesn't use Apache, it has it's own web server functionality, but specifically for the task at hand. Leif ----- Original Message ----- From: "Jeremy Wanamaker" <je...@ma...> To: <dyn...@li...> Sent: Monday, May 03, 2004 9:47 AM Subject: Re: [Dynapi-Help] secure http > Sorry, I should have been more specific in my original email. I am using > Dynapi 3 with ioelement.js to get data from a database via php scripts. It > works fine when it's running over http (port 80). When I switch to https > (port 443), Mozilla gives me the following warning: > > Although this page is encrypted, the information you have entered is to be > sent over an unencrypted connection and could easily be read by a third > party. > > It asks me if wish to continue.... I click yes and then mozilla goes into a > loop and gets an application error. Any idea on how I can fix this. I really > need to be able to use secure http for my application. > > Jeremy > > ----- Original Message ----- > From: "Leif W" <war...@us...> > To: <dyn...@li...> > Sent: Friday, April 30, 2004 10:08 PM > Subject: Re: [Dynapi-Help] secure http > > > > Work in what way? It should work fine in a general sense. The browser > > handles the connection to the server. The server does not care what the > > file contents are, they are just static javascript files. The browser > > handles running the JavaScript, the server has no part in this process. > > I have a local copy of CVS with some of my tinkerings in it, so it's a > > "dirty" copy of the CVS, but it's 99.99% untouched. You can see it at > > http://dynapi.kicks-ass.net/ , and you'll see, it automatically > > redirects to the secure site. I did most of my work with IOElement and > > SODA here. > > > > :D Ohh yeah, the site is down right now, as I'm modifying some Apache > > config settings, to get more details in my log files, and I kind of shut > > the site off and started modifying some live files so I can't turn it > > back up until the configs are finished. Should be tonight or tomorrow, > > once I am able to finish. > > > > In any case, what are you trying now and what isn't working? > > > > Leif > > > > ----- Original Message ----- > > From: "Jeremy Wanamaker" <je...@ma...> > > To: <dyn...@li...> > > Sent: Friday, April 30, 2004 3:35 PM > > Subject: [Dynapi-Help] secure http > > > > > > > Is anyone aware of a way to get DynAPI 3 working with a secure http > > server? > > > > > > Thanks, > > > > > > Jeremy > > > > > > > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by: Oracle 10g > > Get certified on the hottest thing ever to hit the market... Oracle 10g. > > Take an Oracle 10g class now, and we'll give you the exam FREE. > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > > _______________________________________________ > > Dynapi-Help mailing list > > Dyn...@li... > > https://lists.sourceforge.net/lists/listinfo/dynapi-help > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the market... Oracle 10g. > Take an Oracle 10g class now, and we'll give you the exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > _______________________________________________ > Dynapi-Help mailing list > Dyn...@li... > https://lists.sourceforge.net/lists/listinfo/dynapi-help > |
|
From: Kevin B. <Kev...@bb...> - 2004-05-04 10:08:50
|
Hello,
create a layer in Mozilla:
...
#testL {position:absolute; left:176px; top: 0px; z-index:10;
visibility:hidden;}
...
<div id="testL" name="testL"></div>
...
If you try to get the visebility in Mozilla...
function myVisibleTest () {
testDynLayer = DynLayer.getInline("testL");
alert(testDynLayer.getVisible());
}
... Mozilla returns true.
(IE returns false)
A BUG?
(I already have a workaround but could you please fix it?)
Thanks
Kevin |
|
From: Leif W <war...@us...> - 2004-05-04 23:14:49
|
Hello,
Send plain text please.
Which version of DynAPI? If DynAPI 2, I'm not sure. If DynAPI 3, then
try getting the source from CVS. See if it's fixed. Is your solution a
"patch" to the library or a "workaround" in your app only? In any case,
please describe your solution better. Submit the modified files as a
patch. Or create unified diffs (diff -u file.old file.new) for each
modified file, to make patching easier for the rest of us. :-) Check
out cygwin if you're on windows and you have no idea where to get the
diff program.
I'll try the test case in my (dirty) copy of the CVS. I should get a
clean copy and reconcile any differences.
Leif
----- Original Message -----
From: Kevin Breynck
To: dyn...@li...
Sent: Tuesday, May 04, 2004 6:08 AM
Subject: [Dynapi-Help] getVisible() BUG in Mozilla
Hello,
create a layer in Mozilla:
...
#testL {position:absolute; left:176px; top: 0px; z-index:10;
visibility:hidden;}
...
<div id="testL" name="testL"></div>
...
If you try to get the visebility in Mozilla...
function myVisibleTest () {
testDynLayer = DynLayer.getInline("testL");
alert(testDynLayer.getVisible());
}
... Mozilla returns true.
(IE returns false)
A BUG?
(I already have a workaround but could you please fix it?)
Thanks
Kevin
|
|
From: Doug M. <do...@cr...> - 2004-05-04 23:17:55
|
a little more info would help..
1) What version of the DynAPI are you using?
2) what version of mozilla are you using? (include weather it's Mozilla, =
Nescape, Firefox, thunderbirs, camino, ect)
3) what operating system are you suing? (Windows 98, 98SE, win2k win2k3 =
MaxOS10, ect.
THEN we may be able to help.
Thank You.
Doug
----- Original Message -----=20
From: Kevin Breynck=20
To: dyn...@li...=20
Sent: Tuesday, May 04, 2004 6:08 AM
Subject: [Dynapi-Help] getVisible() BUG in Mozilla
Hello,=20
create a layer in Mozilla:=20
...=20
#testL {position:absolute; left:176px; top: 0px; z-index:10; =
visibility:hidden;}=20
...=20
<div id=3D"testL" name=3D"testL"></div>=20
...=20
If you try to get the visebility in Mozilla...=20
function myVisibleTest () {=20
testDynLayer =3D DynLayer.getInline("testL");=20
alert(testDynLayer.getVisible());=20
}=20
... Mozilla returns true.=20
(IE returns false)=20
A BUG?=20
(I already have a workaround but could you please fix it?)=20
Thanks
Kevin=20
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.675 / Virus Database: 437 - Release Date: 5/2/2004 |
|
From: Leif W <war...@us...> - 2004-05-05 00:52:35
|
Rgeardless of the reporter's version and platform, I think I can verify
this bug.
I'm not using a fresh CVS, but there haven't been any emails about
updates in a long time, and when there last was an email notification, I
updated my copy of the CVS. But I'll pull a fresh copy soon and
reconcile the differences. Just doing other things at the moment. But
I think my version is a pretty good test.
Platform: Windows XP Professional.
Using these browsers to test:
true Mozilla Firefox 0.8
false IE 6.0.2800.1106.xpsp2.030422-1633; Update Versions: SP1, Q837009,
Q832894; Q831167
true Mozilla 1.7 RC1
true Opera 7.20.3087
Leif
----- Original Message -----
From: Doug Melvin
To: dyn...@li...
Sent: Tuesday, May 04, 2004 7:17 PM
Subject: Re: [Dynapi-Help] getVisible() BUG in Mozilla
a little more info would help..
1) What version of the DynAPI are you using?
2) what version of mozilla are you using? (include weather it's Mozilla,
Nescape, Firefox, thunderbirs, camino, ect)
3) what operating system are you suing? (Windows 98, 98SE, win2k win2k3
MaxOS10, ect.
THEN we may be able to help.
Thank You.
Doug
----- Original Message -----
From: Kevin Breynck
To: dyn...@li...
Sent: Tuesday, May 04, 2004 6:08 AM
Subject: [Dynapi-Help] getVisible() BUG in Mozilla
Hello,
create a layer in Mozilla:
...
#testL {position:absolute; left:176px; top: 0px; z-index:10;
visibility:hidden;}
...
<div id="testL" name="testL"></div>
...
If you try to get the visebility in Mozilla...
function myVisibleTest () {
testDynLayer = DynLayer.getInline("testL");
alert(testDynLayer.getVisible());
}
... Mozilla returns true.
(IE returns false)
A BUG?
(I already have a workaround but could you please fix it?)
Thanks
Kevin
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.675 / Virus Database: 437 - Release Date: 5/2/2004
|
|
From: Leif W <war...@us...> - 2004-05-05 00:55:27
|
Oh, a URL for the test page is here: http://dynapi.kicks-ass.net/DynAPI_CVSROOT/test/visibility_bug/ Leif ----- Original Message ----- From: "Leif W" <war...@us...> To: <dyn...@li...> Sent: Tuesday, May 04, 2004 8:52 PM Subject: Re: [Dynapi-Help] getVisible() BUG in Mozilla > Rgeardless of the reporter's version and platform, I think I can verify > this bug. > > I'm not using a fresh CVS, but there haven't been any emails about > updates in a long time, and when there last was an email notification, I > updated my copy of the CVS. But I'll pull a fresh copy soon and > reconcile the differences. Just doing other things at the moment. But > I think my version is a pretty good test. > > Platform: Windows XP Professional. > Using these browsers to test: > > true Mozilla Firefox 0.8 > false IE 6.0.2800.1106.xpsp2.030422-1633; Update Versions: SP1, Q837009, > Q832894; Q831167 > true Mozilla 1.7 RC1 > true Opera 7.20.3087 > > Leif > > ----- Original Message ----- > From: Doug Melvin > To: dyn...@li... > Sent: Tuesday, May 04, 2004 7:17 PM > Subject: Re: [Dynapi-Help] getVisible() BUG in Mozilla > > > a little more info would help.. > 1) What version of the DynAPI are you using? > 2) what version of mozilla are you using? (include weather it's Mozilla, > Nescape, Firefox, thunderbirs, camino, ect) > 3) what operating system are you suing? (Windows 98, 98SE, win2k win2k3 > MaxOS10, ect. > > THEN we may be able to help. > > Thank You. > > Doug > > ----- Original Message ----- > From: Kevin Breynck > To: dyn...@li... > Sent: Tuesday, May 04, 2004 6:08 AM > Subject: [Dynapi-Help] getVisible() BUG in Mozilla > > > > Hello, > > create a layer in Mozilla: > > ... > > #testL {position:absolute; left:176px; top: 0px; z-index:10; > visibility:hidden;} > > ... > > <div id="testL" name="testL"></div> > > ... > > > If you try to get the visebility in Mozilla... > > function myVisibleTest () { > testDynLayer = DynLayer.getInline("testL"); > alert(testDynLayer.getVisible()); > } > > ... Mozilla returns true. > (IE returns false) > > A BUG? > > (I already have a workaround but could you please fix it?) > > > Thanks > Kevin > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.675 / Virus Database: 437 - Release Date: 5/2/2004 > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the market... Oracle 10g. > Take an Oracle 10g class now, and we'll give you the exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > _______________________________________________ > Dynapi-Help mailing list > Dyn...@li... > https://lists.sourceforge.net/lists/listinfo/dynapi-help > |
|
From: Kevin B. <Kev...@bb...> - 2004-05-05 08:15:01
|
Hi, i am using the "latest"(!?) snapshot of the DynAPI 3 Beta 1 : dynapi3x_2003_11_03.zip 03-Nov-2003 11:11 The source code on your test page is exactly what i meant. My tested Systems: ======================= Windows XP Professional ======================= false - IE 6.0.2800.1106.xpsp2.030422-1633; true - Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.6) Gecko/20040206 Firefox/0.8 true - Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.5) Gecko/20031007 true - Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.6) Gecko/20040113 =============== MAC OS X 10.3.2 =============== true - Safari 1.2 (v125) The "workaround" is not a "fix" in the dynapi-ScriptLibrary. It is just a di(rty)ffrent handling. I initialise the "testL" layer with "testDynLayer.setVisible(0);". Then *.getVisible() returns what i want. Kevin "Leif W" <war...@us...> Sent by: dyn...@li... 05.05.2004 02:55 Please respond to dyn...@li... To <dyn...@li...> cc Subject Re: [Dynapi-Help] getVisible() BUG in Mozilla Oh, a URL for the test page is here: http://dynapi.kicks-ass.net/DynAPI_CVSROOT/test/visibility_bug/ Leif ----- Original Message ----- From: "Leif W" <war...@us...> To: <dyn...@li...> Sent: Tuesday, May 04, 2004 8:52 PM Subject: Re: [Dynapi-Help] getVisible() BUG in Mozilla > Rgeardless of the reporter's version and platform, I think I can verify > this bug. > > I'm not using a fresh CVS, but there haven't been any emails about > updates in a long time, and when there last was an email notification, I > updated my copy of the CVS. But I'll pull a fresh copy soon and > reconcile the differences. Just doing other things at the moment. But > I think my version is a pretty good test. > > Platform: Windows XP Professional. > Using these browsers to test: > > true Mozilla Firefox 0.8 > false IE 6.0.2800.1106.xpsp2.030422-1633; Update Versions: SP1, Q837009, > Q832894; Q831167 > true Mozilla 1.7 RC1 > true Opera 7.20.3087 > > Leif > > ----- Original Message ----- > From: Doug Melvin > To: dyn...@li... > Sent: Tuesday, May 04, 2004 7:17 PM > Subject: Re: [Dynapi-Help] getVisible() BUG in Mozilla > > > a little more info would help.. > 1) What version of the DynAPI are you using? > 2) what version of mozilla are you using? (include weather it's Mozilla, > Nescape, Firefox, thunderbirs, camino, ect) > 3) what operating system are you suing? (Windows 98, 98SE, win2k win2k3 > MaxOS10, ect. > > THEN we may be able to help. > > Thank You. > > Doug > > ----- Original Message ----- > From: Kevin Breynck > To: dyn...@li... > Sent: Tuesday, May 04, 2004 6:08 AM > Subject: [Dynapi-Help] getVisible() BUG in Mozilla > > > > Hello, > > create a layer in Mozilla: > > ... > > #testL {position:absolute; left:176px; top: 0px; z-index:10; > visibility:hidden;} > > ... > > <div id="testL" name="testL"></div> > > ... > > > If you try to get the visebility in Mozilla... > > function myVisibleTest () { > testDynLayer = DynLayer.getInline("testL"); > alert(testDynLayer.getVisible()); > } > > ... Mozilla returns true. > (IE returns false) > > A BUG? > > (I already have a workaround but could you please fix it?) > > > Thanks > Kevin > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.675 / Virus Database: 437 - Release Date: 5/2/2004 > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the market... Oracle 10g. > Take an Oracle 10g class now, and we'll give you the exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > _______________________________________________ > Dynapi-Help mailing list > Dyn...@li... > https://lists.sourceforge.net/lists/listinfo/dynapi-help > ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Dynapi-Help mailing list Dyn...@li... https://lists.sourceforge.net/lists/listinfo/dynapi-help |
|
From: Leif W <war...@us...> - 2004-05-05 14:29:31
|
My test page started by copying your email (I'll put a note to give credit where is due) :) , then adding HTML, CSS, and JavaScript, then the DynAPI calls. Then I generalized the problem and posted the results of the browsers available to me. I'll put your results on there for the record. Although, I should make a submit button to call some other page and give the option to enter the data and results into a MySQL database, where I would log the IP address (and leave hidden, just publish an incremental ID# [0000-FFFF] and a total count of unique IPs), UserAgent string, test results, and date. Then if the results change, I'll not remove the failure, but enter a success with a different date. Oh, and an option to sort by each header. :D My project for the morning (I need the exercise). I haven't created it yet, but I'll make the file a PHP script namned visibility_bug.php (instead of *.html), and just change the Apache server to do a permanent redirect to it, so bookmarks won't break. http://dynapi.kicks-ass.net/DynAPI_CVSROOT/test/visibility_bug/visibility_bug.php Leif ----- Original Message ----- From: Kevin Breynck To: dyn...@li... Sent: Wednesday, May 05, 2004 4:14 AM Subject: Re: [Dynapi-Help] getVisible() BUG in Mozilla Hi, i am using the "latest"(!?) snapshot of the DynAPI 3 Beta 1 : dynapi3x_2003_11_03.zip 03-Nov-2003 11:11 The source code on your test page is exactly what i meant. My tested Systems: ======================= Windows XP Professional ======================= false - IE 6.0.2800.1106.xpsp2.030422-1633; true - Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.6) Gecko/20040206 Firefox/0.8 true - Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.5) Gecko/20031007 true - Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.6) Gecko/20040113 =============== MAC OS X 10.3.2 =============== true - Safari 1.2 (v125) The "workaround" is not a "fix" in the dynapi-ScriptLibrary. It is just a di(rty)ffrent handling. I initialise the "testL" layer with "testDynLayer.setVisible(0);". Then *.getVisible() returns what i want. Kevin "Leif W" <war...@us...> Sent by: dyn...@li... 05.05.2004 02:55 Please respond to dyn...@li... To<dyn...@li...> cc SubjectRe: [Dynapi-Help] getVisible() BUG in Mozilla Oh, a URL for the test page is here: http://dynapi.kicks-ass.net/DynAPI_CVSROOT/test/visibility_bug/ Leif ----- Original Message ----- From: "Leif W" <war...@us...> To: <dyn...@li...> Sent: Tuesday, May 04, 2004 8:52 PM Subject: Re: [Dynapi-Help] getVisible() BUG in Mozilla > Rgeardless of the reporter's version and platform, I think I can verify > this bug. > > I'm not using a fresh CVS, but there haven't been any emails about > updates in a long time, and when there last was an email notification, I > updated my copy of the CVS. But I'll pull a fresh copy soon and > reconcile the differences. Just doing other things at the moment. But > I think my version is a pretty good test. > > Platform: Windows XP Professional. > Using these browsers to test: > > true Mozilla Firefox 0.8 > false IE 6.0.2800.1106.xpsp2.030422-1633; Update Versions: SP1, Q837009, > Q832894; Q831167 > true Mozilla 1.7 RC1 > true Opera 7.20.3087 > > Leif > > ----- Original Message ----- > From: Doug Melvin > To: dyn...@li... > Sent: Tuesday, May 04, 2004 7:17 PM > Subject: Re: [Dynapi-Help] getVisible() BUG in Mozilla > > > a little more info would help.. > 1) What version of the DynAPI are you using? > 2) what version of mozilla are you using? (include weather it's Mozilla, > Nescape, Firefox, thunderbirs, camino, ect) > 3) what operating system are you suing? (Windows 98, 98SE, win2k win2k3 > MaxOS10, ect. > > THEN we may be able to help. > > Thank You. > > Doug > > ----- Original Message ----- > From: Kevin Breynck > To: dyn...@li... > Sent: Tuesday, May 04, 2004 6:08 AM > Subject: [Dynapi-Help] getVisible() BUG in Mozilla > > > > Hello, > > create a layer in Mozilla: > > ... > > #testL {position:absolute; left:176px; top: 0px; z-index:10; > visibility:hidden;} > > ... > > <div id="testL" name="testL"></div> > > ... > > > If you try to get the visebility in Mozilla... > > function myVisibleTest () { > testDynLayer = DynLayer.getInline("testL"); > alert(testDynLayer.getVisible()); > } > > ... Mozilla returns true. > (IE returns false) > > A BUG? > > (I already have a workaround but could you please fix it?) > > > Thanks > Kevin > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.675 / Virus Database: 437 - Release Date: 5/2/2004 > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: Oracle 10g > Get certified on the hottest thing ever to hit the market... Oracle 10g. > Take an Oracle 10g class now, and we'll give you the exam FREE. > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click > _______________________________________________ > Dynapi-Help mailing list > Dyn...@li... > https://lists.sourceforge.net/lists/listinfo/dynapi-help > ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Dynapi-Help mailing list Dyn...@li... https://lists.sourceforge.net/lists/listinfo/dynapi-help |
|
From: Jeremy W. <je...@ma...> - 2004-05-05 14:26:33
|
Leif,
What you have described is exactly what I am trying to do.
> script over HTTPS to get data from a MySQL server. I've used ioelement
> to talk to both Perl and PHP scripts, over HTTPS. But in my case, all
> these servers are running on the same mahine and I have total control
Because Mozilla crashes, I'm having a difficult time debugging the error.
IE's script debugger says it's crashing in _monitorTransactions in
ioelement.js. at the following if statement:
elm=this.getScope(r[4]);
if(elm && elm.document && !elm.document._tranState){
So I'm assuming the getScope function on the previous line is returning a
null value. I'm not sure why this would be, and maybe I'm way off base. The
only other thing I'm wondering about is if the following lines are causing a
problem in _doRequest
if (url.indexOf('http')!=0) {
if (url.substr(0,1)=='/') url =
'http://'+dynapi.frame.document.domain+url;
else url = dynapi.documentPath+url;
}
Did you have to change these lines to set the url variable to start with
https rather than http?
Thanks for your help.
Jeremy
----- Original Message -----
From: "Leif W" <war...@us...>
To: <dyn...@li...>
Sent: Monday, May 03, 2004 11:22 AM
Subject: Re: [Dynapi-Help] secure http
> Hmm, not sure about that one. But the first part makes sense: you don't
> want to start loading insecure data over a secure connection, because
> then the data that is loaded is not going to be transmitted securely,
> giving the false impression to the user that the entire session is
> secure. The second part, about the browser going into a loop and giving
> an application error, seems like a bug a Doug suggested, but I have no
> idea.
>
> How are you calling this PHP script? Is there any reason you can't use
> a secure URL to the PHP script in the JS code?
> https://domain.dom/sql.php Then, you are just talking HTTP over a
> secure connection, and the browser won't know or care what the PHP
> script does insecurely while talking to the database (which could be
> another point of concern from the security view). I use a plain PHP
> script over HTTPS to get data from a MySQL server. I've used ioelement
> to talk to both Perl and PHP scripts, over HTTPS. But in my case, all
> these servers are running on the same mahine and I have total control
> over it, so I know it's configured to work the way I expect. I haven't
> tried having the initial web page on one HTTPS server, and calling the
> PHP from a separate HTTP/HTTPS server, which may be what you're doing.
>
> If you have control over the database machine, and it's a UNIX box, you
> can install a program that enables SSL connections to arbitrary server
> programs, with no modification to the server. Two such programs I am
> aware of (both use OpenSSL) are stunnel and sslwrap. I'm using stunnel
> for SWAT (Samba Web Administration Tool), which doesn't use Apache, it
> has it's own web server functionality, but specifically for the task at
> hand.
>
> Leif
>
> ----- Original Message -----
> From: "Jeremy Wanamaker" <je...@ma...>
> To: <dyn...@li...>
> Sent: Monday, May 03, 2004 9:47 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Sorry, I should have been more specific in my original email. I am
> using
> > Dynapi 3 with ioelement.js to get data from a database via php
> scripts. It
> > works fine when it's running over http (port 80). When I switch to
> https
> > (port 443), Mozilla gives me the following warning:
> >
> > Although this page is encrypted, the information you have entered is
> to be
> > sent over an unencrypted connection and could easily be read by a
> third
> > party.
> >
> > It asks me if wish to continue.... I click yes and then mozilla goes
> into a
> > loop and gets an application error. Any idea on how I can fix this. I
> really
> > need to be able to use secure http for my application.
> >
> > Jeremy
> >
> > ----- Original Message -----
> > From: "Leif W" <war...@us...>
> > To: <dyn...@li...>
> > Sent: Friday, April 30, 2004 10:08 PM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Work in what way? It should work fine in a general sense. The
> browser
> > > handles the connection to the server. The server does not care what
> the
> > > file contents are, they are just static javascript files. The
> browser
> > > handles running the JavaScript, the server has no part in this
> process.
> > > I have a local copy of CVS with some of my tinkerings in it, so it's
> a
> > > "dirty" copy of the CVS, but it's 99.99% untouched. You can see it
> at
> > > http://dynapi.kicks-ass.net/ , and you'll see, it automatically
> > > redirects to the secure site. I did most of my work with IOElement
> and
> > > SODA here.
> > >
> > > :D Ohh yeah, the site is down right now, as I'm modifying some
> Apache
> > > config settings, to get more details in my log files, and I kind of
> shut
> > > the site off and started modifying some live files so I can't turn
> it
> > > back up until the configs are finished. Should be tonight or
> tomorrow,
> > > once I am able to finish.
> > >
> > > In any case, what are you trying now and what isn't working?
> > >
> > > Leif
> > >
> > > ----- Original Message -----
> > > From: "Jeremy Wanamaker" <je...@ma...>
> > > To: <dyn...@li...>
> > > Sent: Friday, April 30, 2004 3:35 PM
> > > Subject: [Dynapi-Help] secure http
> > >
> > >
> > > > Is anyone aware of a way to get DynAPI 3 working with a secure
> http
> > > server?
> > > >
> > > > Thanks,
> > > >
> > > > Jeremy
> > >
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market... Oracle
> 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle
> 10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
|
From: Jeremy W. <je...@ma...> - 2004-05-05 14:52:25
|
Ok, I tried changing that http to https in ioelement.js and it worked.
Sorry, I should have tried it before I wrote that last email.
What I'm wondering now is if there is a way to differentiate between
secure/non-secure connections so that the appropriate prefix (http/https)
could be attached at
if (url.substr(0,1)=='/') url = 'http://'+dynapi.frame.document.domain+url;
and you wouldn't have to run separate copies of dynapi for secure and
non-secure servers.
----- Original Message -----
From: "Jeremy Wanamaker" <je...@ma...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 10:26 AM
Subject: Re: [Dynapi-Help] secure http
> Leif,
>
> What you have described is exactly what I am trying to do.
>
> > script over HTTPS to get data from a MySQL server. I've used ioelement
> > to talk to both Perl and PHP scripts, over HTTPS. But in my case, all
> > these servers are running on the same mahine and I have total control
>
> Because Mozilla crashes, I'm having a difficult time debugging the error.
> IE's script debugger says it's crashing in _monitorTransactions in
> ioelement.js. at the following if statement:
>
> elm=this.getScope(r[4]);
> if(elm && elm.document && !elm.document._tranState){
>
> So I'm assuming the getScope function on the previous line is returning a
> null value. I'm not sure why this would be, and maybe I'm way off base.
The
> only other thing I'm wondering about is if the following lines are causing
a
> problem in _doRequest
>
> if (url.indexOf('http')!=0) {
> if (url.substr(0,1)=='/') url =
> 'http://'+dynapi.frame.document.domain+url;
> else url = dynapi.documentPath+url;
> }
>
> Did you have to change these lines to set the url variable to start with
> https rather than http?
>
> Thanks for your help.
>
> Jeremy
>
>
>
> ----- Original Message -----
> From: "Leif W" <war...@us...>
> To: <dyn...@li...>
> Sent: Monday, May 03, 2004 11:22 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Hmm, not sure about that one. But the first part makes sense: you don't
> > want to start loading insecure data over a secure connection, because
> > then the data that is loaded is not going to be transmitted securely,
> > giving the false impression to the user that the entire session is
> > secure. The second part, about the browser going into a loop and giving
> > an application error, seems like a bug a Doug suggested, but I have no
> > idea.
> >
> > How are you calling this PHP script? Is there any reason you can't use
> > a secure URL to the PHP script in the JS code?
> > https://domain.dom/sql.php Then, you are just talking HTTP over a
> > secure connection, and the browser won't know or care what the PHP
> > script does insecurely while talking to the database (which could be
> > another point of concern from the security view). I use a plain PHP
> > script over HTTPS to get data from a MySQL server. I've used ioelement
> > to talk to both Perl and PHP scripts, over HTTPS. But in my case, all
> > these servers are running on the same mahine and I have total control
> > over it, so I know it's configured to work the way I expect. I haven't
> > tried having the initial web page on one HTTPS server, and calling the
> > PHP from a separate HTTP/HTTPS server, which may be what you're doing.
> >
> > If you have control over the database machine, and it's a UNIX box, you
> > can install a program that enables SSL connections to arbitrary server
> > programs, with no modification to the server. Two such programs I am
> > aware of (both use OpenSSL) are stunnel and sslwrap. I'm using stunnel
> > for SWAT (Samba Web Administration Tool), which doesn't use Apache, it
> > has it's own web server functionality, but specifically for the task at
> > hand.
> >
> > Leif
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Monday, May 03, 2004 9:47 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Sorry, I should have been more specific in my original email. I am
> > using
> > > Dynapi 3 with ioelement.js to get data from a database via php
> > scripts. It
> > > works fine when it's running over http (port 80). When I switch to
> > https
> > > (port 443), Mozilla gives me the following warning:
> > >
> > > Although this page is encrypted, the information you have entered is
> > to be
> > > sent over an unencrypted connection and could easily be read by a
> > third
> > > party.
> > >
> > > It asks me if wish to continue.... I click yes and then mozilla goes
> > into a
> > > loop and gets an application error. Any idea on how I can fix this. I
> > really
> > > need to be able to use secure http for my application.
> > >
> > > Jeremy
> > >
> > > ----- Original Message -----
> > > From: "Leif W" <war...@us...>
> > > To: <dyn...@li...>
> > > Sent: Friday, April 30, 2004 10:08 PM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Work in what way? It should work fine in a general sense. The
> > browser
> > > > handles the connection to the server. The server does not care what
> > the
> > > > file contents are, they are just static javascript files. The
> > browser
> > > > handles running the JavaScript, the server has no part in this
> > process.
> > > > I have a local copy of CVS with some of my tinkerings in it, so it's
> > a
> > > > "dirty" copy of the CVS, but it's 99.99% untouched. You can see it
> > at
> > > > http://dynapi.kicks-ass.net/ , and you'll see, it automatically
> > > > redirects to the secure site. I did most of my work with IOElement
> > and
> > > > SODA here.
> > > >
> > > > :D Ohh yeah, the site is down right now, as I'm modifying some
> > Apache
> > > > config settings, to get more details in my log files, and I kind of
> > shut
> > > > the site off and started modifying some live files so I can't turn
> > it
> > > > back up until the configs are finished. Should be tonight or
> > tomorrow,
> > > > once I am able to finish.
> > > >
> > > > In any case, what are you trying now and what isn't working?
> > > >
> > > > Leif
> > > >
> > > > ----- Original Message -----
> > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > To: <dyn...@li...>
> > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > Subject: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Is anyone aware of a way to get DynAPI 3 working with a secure
> > http
> > > > server?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Jeremy
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market... Oracle
> > 10g.
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market... Oracle
> > 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle 10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
|
From: Leif W <war...@us...> - 2004-05-05 15:04:38
|
To get the protocol name you'll need to look at the full URI
(http://site/path/file.html) and not just the URL (/path/file.html). At
that point in the script, it is making decisions without enough
information, based only on the URL. So, it's got to be pulled from
elsewhere. As I said before, I never really modified the ioelement.js
(except some other minor thing), so I haven't got a good sense of what
goes on in there, yet.
Leif
----- Original Message -----
From: "Jeremy Wanamaker" <je...@ma...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 10:52 AM
Subject: Re: [Dynapi-Help] secure http
> Ok, I tried changing that http to https in ioelement.js and it worked.
> Sorry, I should have tried it before I wrote that last email.
>
> What I'm wondering now is if there is a way to differentiate between
> secure/non-secure connections so that the appropriate prefix
(http/https)
> could be attached at
>
> if (url.substr(0,1)=='/') url =
'http://'+dynapi.frame.document.domain+url;
>
> and you wouldn't have to run separate copies of dynapi for secure and
> non-secure servers.
>
>
> ----- Original Message -----
> From: "Jeremy Wanamaker" <je...@ma...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 10:26 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Leif,
> >
> > What you have described is exactly what I am trying to do.
> >
> > > script over HTTPS to get data from a MySQL server. I've used
ioelement
> > > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
all
> > > these servers are running on the same mahine and I have total
control
> >
> > Because Mozilla crashes, I'm having a difficult time debugging the
error.
> > IE's script debugger says it's crashing in _monitorTransactions in
> > ioelement.js. at the following if statement:
> >
> > elm=this.getScope(r[4]);
> > if(elm && elm.document && !elm.document._tranState){
> >
> > So I'm assuming the getScope function on the previous line is
returning a
> > null value. I'm not sure why this would be, and maybe I'm way off
base.
> The
> > only other thing I'm wondering about is if the following lines are
causing
> a
> > problem in _doRequest
> >
> > if (url.indexOf('http')!=0) {
> > if (url.substr(0,1)=='/') url =
> > 'http://'+dynapi.frame.document.domain+url;
> > else url = dynapi.documentPath+url;
> > }
> >
> > Did you have to change these lines to set the url variable to start
with
> > https rather than http?
> >
> > Thanks for your help.
> >
> > Jeremy
> >
> >
> >
> > ----- Original Message -----
> > From: "Leif W" <war...@us...>
> > To: <dyn...@li...>
> > Sent: Monday, May 03, 2004 11:22 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Hmm, not sure about that one. But the first part makes sense: you
don't
> > > want to start loading insecure data over a secure connection,
because
> > > then the data that is loaded is not going to be transmitted
securely,
> > > giving the false impression to the user that the entire session is
> > > secure. The second part, about the browser going into a loop and
giving
> > > an application error, seems like a bug a Doug suggested, but I
have no
> > > idea.
> > >
> > > How are you calling this PHP script? Is there any reason you
can't use
> > > a secure URL to the PHP script in the JS code?
> > > https://domain.dom/sql.php Then, you are just talking HTTP over a
> > > secure connection, and the browser won't know or care what the PHP
> > > script does insecurely while talking to the database (which could
be
> > > another point of concern from the security view). I use a plain
PHP
> > > script over HTTPS to get data from a MySQL server. I've used
ioelement
> > > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
all
> > > these servers are running on the same mahine and I have total
control
> > > over it, so I know it's configured to work the way I expect. I
haven't
> > > tried having the initial web page on one HTTPS server, and calling
the
> > > PHP from a separate HTTP/HTTPS server, which may be what you're
doing.
> > >
> > > If you have control over the database machine, and it's a UNIX
box, you
> > > can install a program that enables SSL connections to arbitrary
server
> > > programs, with no modification to the server. Two such programs I
am
> > > aware of (both use OpenSSL) are stunnel and sslwrap. I'm using
stunnel
> > > for SWAT (Samba Web Administration Tool), which doesn't use
Apache, it
> > > has it's own web server functionality, but specifically for the
task at
> > > hand.
> > >
> > > Leif
> > >
> > > ----- Original Message -----
> > > From: "Jeremy Wanamaker" <je...@ma...>
> > > To: <dyn...@li...>
> > > Sent: Monday, May 03, 2004 9:47 AM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Sorry, I should have been more specific in my original email. I
am
> > > using
> > > > Dynapi 3 with ioelement.js to get data from a database via php
> > > scripts. It
> > > > works fine when it's running over http (port 80). When I switch
to
> > > https
> > > > (port 443), Mozilla gives me the following warning:
> > > >
> > > > Although this page is encrypted, the information you have
entered is
> > > to be
> > > > sent over an unencrypted connection and could easily be read by
a
> > > third
> > > > party.
> > > >
> > > > It asks me if wish to continue.... I click yes and then mozilla
goes
> > > into a
> > > > loop and gets an application error. Any idea on how I can fix
this. I
> > > really
> > > > need to be able to use secure http for my application.
> > > >
> > > > Jeremy
> > > >
> > > > ----- Original Message -----
> > > > From: "Leif W" <war...@us...>
> > > > To: <dyn...@li...>
> > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Work in what way? It should work fine in a general sense.
The
> > > browser
> > > > > handles the connection to the server. The server does not
care what
> > > the
> > > > > file contents are, they are just static javascript files. The
> > > browser
> > > > > handles running the JavaScript, the server has no part in this
> > > process.
> > > > > I have a local copy of CVS with some of my tinkerings in it,
so it's
> > > a
> > > > > "dirty" copy of the CVS, but it's 99.99% untouched. You can
see it
> > > at
> > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
automatically
> > > > > redirects to the secure site. I did most of my work with
IOElement
> > > and
> > > > > SODA here.
> > > > >
> > > > > :D Ohh yeah, the site is down right now, as I'm modifying
some
> > > Apache
> > > > > config settings, to get more details in my log files, and I
kind of
> > > shut
> > > > > the site off and started modifying some live files so I can't
turn
> > > it
> > > > > back up until the configs are finished. Should be tonight or
> > > tomorrow,
> > > > > once I am able to finish.
> > > > >
> > > > > In any case, what are you trying now and what isn't working?
> > > > >
> > > > > Leif
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > Subject: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Is anyone aware of a way to get DynAPI 3 working with a
secure
> > > http
> > > > > server?
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Jeremy
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
Oracle
> > > 10g.
> > > > > Take an Oracle 10g class now, and we'll give you the exam
FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market...
Oracle
> > > 10g.
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market...
Oracle 10g.
>
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle
10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle
10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
>
|
|
From: Jeremy W. <je...@ma...> - 2004-05-05 16:00:26
|
Right. So if you call ioelement.post(handler, data, function) with handler
set to a relative URL, this line expands it out to the full URI. What I'm
thinking is that you could use the DOM to get something like this.doc.URL
(not sure if this is the best place to check) and check if the prefix is
http or https and then prepend the result to the url vaiable in _doRequest.
I'm gonna try that here on my local copy. It may be worth putting in the
CVS, although I don't think it's been updated since Nov.
Jeremy
----- Original Message -----
From: "Leif W" <war...@us...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 11:04 AM
Subject: Re: [Dynapi-Help] secure http
> To get the protocol name you'll need to look at the full URI
> (http://site/path/file.html) and not just the URL (/path/file.html). At
> that point in the script, it is making decisions without enough
> information, based only on the URL. So, it's got to be pulled from
> elsewhere. As I said before, I never really modified the ioelement.js
> (except some other minor thing), so I haven't got a good sense of what
> goes on in there, yet.
>
> Leif
>
> ----- Original Message -----
> From: "Jeremy Wanamaker" <je...@ma...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 10:52 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Ok, I tried changing that http to https in ioelement.js and it worked.
> > Sorry, I should have tried it before I wrote that last email.
> >
> > What I'm wondering now is if there is a way to differentiate between
> > secure/non-secure connections so that the appropriate prefix
> (http/https)
> > could be attached at
> >
> > if (url.substr(0,1)=='/') url =
> 'http://'+dynapi.frame.document.domain+url;
> >
> > and you wouldn't have to run separate copies of dynapi for secure and
> > non-secure servers.
> >
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Wednesday, May 05, 2004 10:26 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Leif,
> > >
> > > What you have described is exactly what I am trying to do.
> > >
> > > > script over HTTPS to get data from a MySQL server. I've used
> ioelement
> > > > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
> all
> > > > these servers are running on the same mahine and I have total
> control
> > >
> > > Because Mozilla crashes, I'm having a difficult time debugging the
> error.
> > > IE's script debugger says it's crashing in _monitorTransactions in
> > > ioelement.js. at the following if statement:
> > >
> > > elm=this.getScope(r[4]);
> > > if(elm && elm.document && !elm.document._tranState){
> > >
> > > So I'm assuming the getScope function on the previous line is
> returning a
> > > null value. I'm not sure why this would be, and maybe I'm way off
> base.
> > The
> > > only other thing I'm wondering about is if the following lines are
> causing
> > a
> > > problem in _doRequest
> > >
> > > if (url.indexOf('http')!=0) {
> > > if (url.substr(0,1)=='/') url =
> > > 'http://'+dynapi.frame.document.domain+url;
> > > else url = dynapi.documentPath+url;
> > > }
> > >
> > > Did you have to change these lines to set the url variable to start
> with
> > > https rather than http?
> > >
> > > Thanks for your help.
> > >
> > > Jeremy
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Leif W" <war...@us...>
> > > To: <dyn...@li...>
> > > Sent: Monday, May 03, 2004 11:22 AM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Hmm, not sure about that one. But the first part makes sense: you
> don't
> > > > want to start loading insecure data over a secure connection,
> because
> > > > then the data that is loaded is not going to be transmitted
> securely,
> > > > giving the false impression to the user that the entire session is
> > > > secure. The second part, about the browser going into a loop and
> giving
> > > > an application error, seems like a bug a Doug suggested, but I
> have no
> > > > idea.
> > > >
> > > > How are you calling this PHP script? Is there any reason you
> can't use
> > > > a secure URL to the PHP script in the JS code?
> > > > https://domain.dom/sql.php Then, you are just talking HTTP over a
> > > > secure connection, and the browser won't know or care what the PHP
> > > > script does insecurely while talking to the database (which could
> be
> > > > another point of concern from the security view). I use a plain
> PHP
> > > > script over HTTPS to get data from a MySQL server. I've used
> ioelement
> > > > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
> all
> > > > these servers are running on the same mahine and I have total
> control
> > > > over it, so I know it's configured to work the way I expect. I
> haven't
> > > > tried having the initial web page on one HTTPS server, and calling
> the
> > > > PHP from a separate HTTP/HTTPS server, which may be what you're
> doing.
> > > >
> > > > If you have control over the database machine, and it's a UNIX
> box, you
> > > > can install a program that enables SSL connections to arbitrary
> server
> > > > programs, with no modification to the server. Two such programs I
> am
> > > > aware of (both use OpenSSL) are stunnel and sslwrap. I'm using
> stunnel
> > > > for SWAT (Samba Web Administration Tool), which doesn't use
> Apache, it
> > > > has it's own web server functionality, but specifically for the
> task at
> > > > hand.
> > > >
> > > > Leif
> > > >
> > > > ----- Original Message -----
> > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > To: <dyn...@li...>
> > > > Sent: Monday, May 03, 2004 9:47 AM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Sorry, I should have been more specific in my original email. I
> am
> > > > using
> > > > > Dynapi 3 with ioelement.js to get data from a database via php
> > > > scripts. It
> > > > > works fine when it's running over http (port 80). When I switch
> to
> > > > https
> > > > > (port 443), Mozilla gives me the following warning:
> > > > >
> > > > > Although this page is encrypted, the information you have
> entered is
> > > > to be
> > > > > sent over an unencrypted connection and could easily be read by
> a
> > > > third
> > > > > party.
> > > > >
> > > > > It asks me if wish to continue.... I click yes and then mozilla
> goes
> > > > into a
> > > > > loop and gets an application error. Any idea on how I can fix
> this. I
> > > > really
> > > > > need to be able to use secure http for my application.
> > > > >
> > > > > Jeremy
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Leif W" <war...@us...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > > Subject: Re: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Work in what way? It should work fine in a general sense.
> The
> > > > browser
> > > > > > handles the connection to the server. The server does not
> care what
> > > > the
> > > > > > file contents are, they are just static javascript files. The
> > > > browser
> > > > > > handles running the JavaScript, the server has no part in this
> > > > process.
> > > > > > I have a local copy of CVS with some of my tinkerings in it,
> so it's
> > > > a
> > > > > > "dirty" copy of the CVS, but it's 99.99% untouched. You can
> see it
> > > > at
> > > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
> automatically
> > > > > > redirects to the secure site. I did most of my work with
> IOElement
> > > > and
> > > > > > SODA here.
> > > > > >
> > > > > > :D Ohh yeah, the site is down right now, as I'm modifying
> some
> > > > Apache
> > > > > > config settings, to get more details in my log files, and I
> kind of
> > > > shut
> > > > > > the site off and started modifying some live files so I can't
> turn
> > > > it
> > > > > > back up until the configs are finished. Should be tonight or
> > > > tomorrow,
> > > > > > once I am able to finish.
> > > > > >
> > > > > > In any case, what are you trying now and what isn't working?
> > > > > >
> > > > > > Leif
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > To: <dyn...@li...>
> > > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > > Subject: [Dynapi-Help] secure http
> > > > > >
> > > > > >
> > > > > > > Is anyone aware of a way to get DynAPI 3 working with a
> secure
> > > > http
> > > > > > server?
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Jeremy
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > Get certified on the hottest thing ever to hit the market...
> Oracle
> > > > 10g.
> > > > > > Take an Oracle 10g class now, and we'll give you the exam
> FREE.
> > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > _______________________________________________
> > > > > > Dynapi-Help mailing list
> > > > > > Dyn...@li...
> > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
> Oracle
> > > > 10g.
> > > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market...
> Oracle 10g.
> >
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market... Oracle
> 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle
> 10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
> >
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
|
From: Jeremy W. <je...@ma...> - 2004-05-05 16:14:35
|
Here's my solution for anyone who may be interested. It works with both
secure and non-secure servers. In ioelement.js and the function _doRequest
it should read as follows starting on line 225
if (url.indexOf('http')!=0) {
var urlP = (this.doc.URL.indexOf('https') == 0) ? 'https://'
: 'http://';
if (url.substr(0,1)=='/') url =
urlP+dynapi.frame.document.domain+url;
else url = dynapi.documentPath+url;
}
Jeremy
----- Original Message -----
From: "Jeremy Wanamaker" <je...@ma...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 12:00 PM
Subject: Re: [Dynapi-Help] secure http
> Right. So if you call ioelement.post(handler, data, function) with handler
> set to a relative URL, this line expands it out to the full URI. What I'm
> thinking is that you could use the DOM to get something like this.doc.URL
> (not sure if this is the best place to check) and check if the prefix is
> http or https and then prepend the result to the url vaiable in
_doRequest.
>
> I'm gonna try that here on my local copy. It may be worth putting in the
> CVS, although I don't think it's been updated since Nov.
>
> Jeremy
>
> ----- Original Message -----
> From: "Leif W" <war...@us...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 11:04 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > To get the protocol name you'll need to look at the full URI
> > (http://site/path/file.html) and not just the URL (/path/file.html). At
> > that point in the script, it is making decisions without enough
> > information, based only on the URL. So, it's got to be pulled from
> > elsewhere. As I said before, I never really modified the ioelement.js
> > (except some other minor thing), so I haven't got a good sense of what
> > goes on in there, yet.
> >
> > Leif
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Wednesday, May 05, 2004 10:52 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Ok, I tried changing that http to https in ioelement.js and it worked.
> > > Sorry, I should have tried it before I wrote that last email.
> > >
> > > What I'm wondering now is if there is a way to differentiate between
> > > secure/non-secure connections so that the appropriate prefix
> > (http/https)
> > > could be attached at
> > >
> > > if (url.substr(0,1)=='/') url =
> > 'http://'+dynapi.frame.document.domain+url;
> > >
> > > and you wouldn't have to run separate copies of dynapi for secure and
> > > non-secure servers.
> > >
> > >
> > > ----- Original Message -----
> > > From: "Jeremy Wanamaker" <je...@ma...>
> > > To: <dyn...@li...>
> > > Sent: Wednesday, May 05, 2004 10:26 AM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Leif,
> > > >
> > > > What you have described is exactly what I am trying to do.
> > > >
> > > > > script over HTTPS to get data from a MySQL server. I've used
> > ioelement
> > > > > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
> > all
> > > > > these servers are running on the same mahine and I have total
> > control
> > > >
> > > > Because Mozilla crashes, I'm having a difficult time debugging the
> > error.
> > > > IE's script debugger says it's crashing in _monitorTransactions in
> > > > ioelement.js. at the following if statement:
> > > >
> > > > elm=this.getScope(r[4]);
> > > > if(elm && elm.document && !elm.document._tranState){
> > > >
> > > > So I'm assuming the getScope function on the previous line is
> > returning a
> > > > null value. I'm not sure why this would be, and maybe I'm way off
> > base.
> > > The
> > > > only other thing I'm wondering about is if the following lines are
> > causing
> > > a
> > > > problem in _doRequest
> > > >
> > > > if (url.indexOf('http')!=0) {
> > > > if (url.substr(0,1)=='/') url =
> > > > 'http://'+dynapi.frame.document.domain+url;
> > > > else url = dynapi.documentPath+url;
> > > > }
> > > >
> > > > Did you have to change these lines to set the url variable to start
> > with
> > > > https rather than http?
> > > >
> > > > Thanks for your help.
> > > >
> > > > Jeremy
> > > >
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Leif W" <war...@us...>
> > > > To: <dyn...@li...>
> > > > Sent: Monday, May 03, 2004 11:22 AM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Hmm, not sure about that one. But the first part makes sense: you
> > don't
> > > > > want to start loading insecure data over a secure connection,
> > because
> > > > > then the data that is loaded is not going to be transmitted
> > securely,
> > > > > giving the false impression to the user that the entire session is
> > > > > secure. The second part, about the browser going into a loop and
> > giving
> > > > > an application error, seems like a bug a Doug suggested, but I
> > have no
> > > > > idea.
> > > > >
> > > > > How are you calling this PHP script? Is there any reason you
> > can't use
> > > > > a secure URL to the PHP script in the JS code?
> > > > > https://domain.dom/sql.php Then, you are just talking HTTP over a
> > > > > secure connection, and the browser won't know or care what the PHP
> > > > > script does insecurely while talking to the database (which could
> > be
> > > > > another point of concern from the security view). I use a plain
> > PHP
> > > > > script over HTTPS to get data from a MySQL server. I've used
> > ioelement
> > > > > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
> > all
> > > > > these servers are running on the same mahine and I have total
> > control
> > > > > over it, so I know it's configured to work the way I expect. I
> > haven't
> > > > > tried having the initial web page on one HTTPS server, and calling
> > the
> > > > > PHP from a separate HTTP/HTTPS server, which may be what you're
> > doing.
> > > > >
> > > > > If you have control over the database machine, and it's a UNIX
> > box, you
> > > > > can install a program that enables SSL connections to arbitrary
> > server
> > > > > programs, with no modification to the server. Two such programs I
> > am
> > > > > aware of (both use OpenSSL) are stunnel and sslwrap. I'm using
> > stunnel
> > > > > for SWAT (Samba Web Administration Tool), which doesn't use
> > Apache, it
> > > > > has it's own web server functionality, but specifically for the
> > task at
> > > > > hand.
> > > > >
> > > > > Leif
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Monday, May 03, 2004 9:47 AM
> > > > > Subject: Re: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Sorry, I should have been more specific in my original email. I
> > am
> > > > > using
> > > > > > Dynapi 3 with ioelement.js to get data from a database via php
> > > > > scripts. It
> > > > > > works fine when it's running over http (port 80). When I switch
> > to
> > > > > https
> > > > > > (port 443), Mozilla gives me the following warning:
> > > > > >
> > > > > > Although this page is encrypted, the information you have
> > entered is
> > > > > to be
> > > > > > sent over an unencrypted connection and could easily be read by
> > a
> > > > > third
> > > > > > party.
> > > > > >
> > > > > > It asks me if wish to continue.... I click yes and then mozilla
> > goes
> > > > > into a
> > > > > > loop and gets an application error. Any idea on how I can fix
> > this. I
> > > > > really
> > > > > > need to be able to use secure http for my application.
> > > > > >
> > > > > > Jeremy
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Leif W" <war...@us...>
> > > > > > To: <dyn...@li...>
> > > > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > >
> > > > > >
> > > > > > > Work in what way? It should work fine in a general sense.
> > The
> > > > > browser
> > > > > > > handles the connection to the server. The server does not
> > care what
> > > > > the
> > > > > > > file contents are, they are just static javascript files. The
> > > > > browser
> > > > > > > handles running the JavaScript, the server has no part in this
> > > > > process.
> > > > > > > I have a local copy of CVS with some of my tinkerings in it,
> > so it's
> > > > > a
> > > > > > > "dirty" copy of the CVS, but it's 99.99% untouched. You can
> > see it
> > > > > at
> > > > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
> > automatically
> > > > > > > redirects to the secure site. I did most of my work with
> > IOElement
> > > > > and
> > > > > > > SODA here.
> > > > > > >
> > > > > > > :D Ohh yeah, the site is down right now, as I'm modifying
> > some
> > > > > Apache
> > > > > > > config settings, to get more details in my log files, and I
> > kind of
> > > > > shut
> > > > > > > the site off and started modifying some live files so I can't
> > turn
> > > > > it
> > > > > > > back up until the configs are finished. Should be tonight or
> > > > > tomorrow,
> > > > > > > once I am able to finish.
> > > > > > >
> > > > > > > In any case, what are you trying now and what isn't working?
> > > > > > >
> > > > > > > Leif
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > > To: <dyn...@li...>
> > > > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > > > Subject: [Dynapi-Help] secure http
> > > > > > >
> > > > > > >
> > > > > > > > Is anyone aware of a way to get DynAPI 3 working with a
> > secure
> > > > > http
> > > > > > > server?
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > >
> > > > > > > > Jeremy
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -------------------------------------------------------
> > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > Get certified on the hottest thing ever to hit the market...
> > Oracle
> > > > > 10g.
> > > > > > > Take an Oracle 10g class now, and we'll give you the exam
> > FREE.
> > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > _______________________________________________
> > > > > > > Dynapi-Help mailing list
> > > > > > > Dyn...@li...
> > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > Get certified on the hottest thing ever to hit the market...
> > Oracle
> > > > > 10g.
> > > > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > _______________________________________________
> > > > > > Dynapi-Help mailing list
> > > > > > Dyn...@li...
> > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
> > Oracle 10g.
> > >
> > > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market... Oracle
> > 10g.
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market... Oracle
> > 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> > >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle 10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
|
From: Leif W <war...@us...> - 2004-05-05 17:11:51
|
Cool,
That's what I was thinking (well I was thinking the old document.href,
but that's pre-DOM I think, so I may showing my obsolete knowledge).
;-)
I'd like to test this for robustness before committing. Let's take a
while to think through the combinations where this may or may not work,
i.e. http page pulling https data from the same or a different server,
for instance if page images and static content don't need to be
encrypted, just the dynamic content fetched by the remote script? It
doesn't work for different protocol types, unless you manually modify
those lines and add your protocol, using a switch statement or
something. It should just use whatever protocol the file was requested
with if there's a complete URI, or else fallback to the protocol of the
page it being called from. Also to take into account are the port
numbers. Another non-standard configuration of my server is to use
alternative port numbers to differentiate unique secure hosts with a
single IP by using a unique IP:port pair.
I figure while we're looking at it and fixing a bug for one condition,
why not take on the larger problem revealed, and formulate a generalized
improvement for as many cases as we can. 90% of the work is figuring
out what's going on. Why address it later when I've forgotten
everything. ;-) Of course, I keep getting sidetracked with things...
If you have the momentum, go ahead and fix it, otherwise I'll get to it
as soon as I can, and you can keep using your patch and drop in a
replacement later if you want. :-)
Leif
----- Original Message -----
From: "Jeremy Wanamaker" <je...@ma...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 12:14 PM
Subject: Re: [Dynapi-Help] secure http - SOLUTION
> Here's my solution for anyone who may be interested. It works with
both
> secure and non-secure servers. In ioelement.js and the function
_doRequest
> it should read as follows starting on line 225
>
> if (url.indexOf('http')!=0) {
> var urlP = (this.doc.URL.indexOf('https') == 0) ?
'https://'
> : 'http://';
> if (url.substr(0,1)=='/') url =
> urlP+dynapi.frame.document.domain+url;
> else url = dynapi.documentPath+url;
> }
>
> Jeremy
>
> ----- Original Message -----
> From: "Jeremy Wanamaker" <je...@ma...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 12:00 PM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Right. So if you call ioelement.post(handler, data, function) with
handler
> > set to a relative URL, this line expands it out to the full URI.
What I'm
> > thinking is that you could use the DOM to get something like
this.doc.URL
> > (not sure if this is the best place to check) and check if the
prefix is
> > http or https and then prepend the result to the url vaiable in
> _doRequest.
> >
> > I'm gonna try that here on my local copy. It may be worth putting in
the
> > CVS, although I don't think it's been updated since Nov.
> >
> > Jeremy
> >
> > ----- Original Message -----
> > From: "Leif W" <war...@us...>
> > To: <dyn...@li...>
> > Sent: Wednesday, May 05, 2004 11:04 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > To get the protocol name you'll need to look at the full URI
> > > (http://site/path/file.html) and not just the URL
(/path/file.html). At
> > > that point in the script, it is making decisions without enough
> > > information, based only on the URL. So, it's got to be pulled
from
> > > elsewhere. As I said before, I never really modified the
ioelement.js
> > > (except some other minor thing), so I haven't got a good sense of
what
> > > goes on in there, yet.
> > >
> > > Leif
> > >
> > > ----- Original Message -----
> > > From: "Jeremy Wanamaker" <je...@ma...>
> > > To: <dyn...@li...>
> > > Sent: Wednesday, May 05, 2004 10:52 AM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Ok, I tried changing that http to https in ioelement.js and it
worked.
> > > > Sorry, I should have tried it before I wrote that last email.
> > > >
> > > > What I'm wondering now is if there is a way to differentiate
between
> > > > secure/non-secure connections so that the appropriate prefix
> > > (http/https)
> > > > could be attached at
> > > >
> > > > if (url.substr(0,1)=='/') url =
> > > 'http://'+dynapi.frame.document.domain+url;
> > > >
> > > > and you wouldn't have to run separate copies of dynapi for
secure and
> > > > non-secure servers.
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > To: <dyn...@li...>
> > > > Sent: Wednesday, May 05, 2004 10:26 AM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Leif,
> > > > >
> > > > > What you have described is exactly what I am trying to do.
> > > > >
> > > > > > script over HTTPS to get data from a MySQL server. I've
used
> > > ioelement
> > > > > > to talk to both Perl and PHP scripts, over HTTPS. But in my
case,
> > > all
> > > > > > these servers are running on the same mahine and I have
total
> > > control
> > > > >
> > > > > Because Mozilla crashes, I'm having a difficult time debugging
the
> > > error.
> > > > > IE's script debugger says it's crashing in
_monitorTransactions in
> > > > > ioelement.js. at the following if statement:
> > > > >
> > > > > elm=this.getScope(r[4]);
> > > > > if(elm && elm.document && !elm.document._tranState){
> > > > >
> > > > > So I'm assuming the getScope function on the previous line is
> > > returning a
> > > > > null value. I'm not sure why this would be, and maybe I'm way
off
> > > base.
> > > > The
> > > > > only other thing I'm wondering about is if the following lines
are
> > > causing
> > > > a
> > > > > problem in _doRequest
> > > > >
> > > > > if (url.indexOf('http')!=0) {
> > > > > if (url.substr(0,1)=='/') url =
> > > > > 'http://'+dynapi.frame.document.domain+url;
> > > > > else url = dynapi.documentPath+url;
> > > > > }
> > > > >
> > > > > Did you have to change these lines to set the url variable to
start
> > > with
> > > > > https rather than http?
> > > > >
> > > > > Thanks for your help.
> > > > >
> > > > > Jeremy
> > > > >
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Leif W" <war...@us...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Monday, May 03, 2004 11:22 AM
> > > > > Subject: Re: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Hmm, not sure about that one. But the first part makes
sense: you
> > > don't
> > > > > > want to start loading insecure data over a secure
connection,
> > > because
> > > > > > then the data that is loaded is not going to be transmitted
> > > securely,
> > > > > > giving the false impression to the user that the entire
session is
> > > > > > secure. The second part, about the browser going into a
loop and
> > > giving
> > > > > > an application error, seems like a bug a Doug suggested, but
I
> > > have no
> > > > > > idea.
> > > > > >
> > > > > > How are you calling this PHP script? Is there any reason
you
> > > can't use
> > > > > > a secure URL to the PHP script in the JS code?
> > > > > > https://domain.dom/sql.php Then, you are just talking HTTP
over a
> > > > > > secure connection, and the browser won't know or care what
the PHP
> > > > > > script does insecurely while talking to the database (which
could
> > > be
> > > > > > another point of concern from the security view). I use a
plain
> > > PHP
> > > > > > script over HTTPS to get data from a MySQL server. I've
used
> > > ioelement
> > > > > > to talk to both Perl and PHP scripts, over HTTPS. But in my
case,
> > > all
> > > > > > these servers are running on the same mahine and I have
total
> > > control
> > > > > > over it, so I know it's configured to work the way I expect.
I
> > > haven't
> > > > > > tried having the initial web page on one HTTPS server, and
calling
> > > the
> > > > > > PHP from a separate HTTP/HTTPS server, which may be what
you're
> > > doing.
> > > > > >
> > > > > > If you have control over the database machine, and it's a
UNIX
> > > box, you
> > > > > > can install a program that enables SSL connections to
arbitrary
> > > server
> > > > > > programs, with no modification to the server. Two such
programs I
> > > am
> > > > > > aware of (both use OpenSSL) are stunnel and sslwrap. I'm
using
> > > stunnel
> > > > > > for SWAT (Samba Web Administration Tool), which doesn't use
> > > Apache, it
> > > > > > has it's own web server functionality, but specifically for
the
> > > task at
> > > > > > hand.
> > > > > >
> > > > > > Leif
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > To: <dyn...@li...>
> > > > > > Sent: Monday, May 03, 2004 9:47 AM
> > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > >
> > > > > >
> > > > > > > Sorry, I should have been more specific in my original
email. I
> > > am
> > > > > > using
> > > > > > > Dynapi 3 with ioelement.js to get data from a database via
php
> > > > > > scripts. It
> > > > > > > works fine when it's running over http (port 80). When I
switch
> > > to
> > > > > > https
> > > > > > > (port 443), Mozilla gives me the following warning:
> > > > > > >
> > > > > > > Although this page is encrypted, the information you have
> > > entered is
> > > > > > to be
> > > > > > > sent over an unencrypted connection and could easily be
read by
> > > a
> > > > > > third
> > > > > > > party.
> > > > > > >
> > > > > > > It asks me if wish to continue.... I click yes and then
mozilla
> > > goes
> > > > > > into a
> > > > > > > loop and gets an application error. Any idea on how I can
fix
> > > this. I
> > > > > > really
> > > > > > > need to be able to use secure http for my application.
> > > > > > >
> > > > > > > Jeremy
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Leif W" <war...@us...>
> > > > > > > To: <dyn...@li...>
> > > > > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > > >
> > > > > > >
> > > > > > > > Work in what way? It should work fine in a general
sense.
> > > The
> > > > > > browser
> > > > > > > > handles the connection to the server. The server does
not
> > > care what
> > > > > > the
> > > > > > > > file contents are, they are just static javascript
files. The
> > > > > > browser
> > > > > > > > handles running the JavaScript, the server has no part
in this
> > > > > > process.
> > > > > > > > I have a local copy of CVS with some of my tinkerings in
it,
> > > so it's
> > > > > > a
> > > > > > > > "dirty" copy of the CVS, but it's 99.99% untouched. You
can
> > > see it
> > > > > > at
> > > > > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
> > > automatically
> > > > > > > > redirects to the secure site. I did most of my work
with
> > > IOElement
> > > > > > and
> > > > > > > > SODA here.
> > > > > > > >
> > > > > > > > :D Ohh yeah, the site is down right now, as I'm
modifying
> > > some
> > > > > > Apache
> > > > > > > > config settings, to get more details in my log files,
and I
> > > kind of
> > > > > > shut
> > > > > > > > the site off and started modifying some live files so I
can't
> > > turn
> > > > > > it
> > > > > > > > back up until the configs are finished. Should be
tonight or
> > > > > > tomorrow,
> > > > > > > > once I am able to finish.
> > > > > > > >
> > > > > > > > In any case, what are you trying now and what isn't
working?
> > > > > > > >
> > > > > > > > Leif
> > > > > > > >
> > > > > > > > ----- Original Message -----
> > > > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > > > To: <dyn...@li...>
> > > > > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > > > > Subject: [Dynapi-Help] secure http
> > > > > > > >
> > > > > > > >
> > > > > > > > > Is anyone aware of a way to get DynAPI 3 working with
a
> > > secure
> > > > > > http
> > > > > > > > server?
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > >
> > > > > > > > > Jeremy
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > -------------------------------------------------------
> > > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > > Get certified on the hottest thing ever to hit the
market...
> > > Oracle
> > > > > > 10g.
> > > > > > > > Take an Oracle 10g class now, and we'll give you the
exam
> > > FREE.
> > > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > > _______________________________________________
> > > > > > > > Dynapi-Help mailing list
> > > > > > > > Dyn...@li...
> > > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -------------------------------------------------------
> > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > Get certified on the hottest thing ever to hit the
market...
> > > Oracle
> > > > > > 10g.
> > > > > > > Take an Oracle 10g class now, and we'll give you the exam
FREE.
> > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > _______________________________________________
> > > > > > > Dynapi-Help mailing list
> > > > > > > Dyn...@li...
> > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > Get certified on the hottest thing ever to hit the market...
> > > Oracle 10g.
> > > >
> > > > > > Take an Oracle 10g class now, and we'll give you the exam
FREE.
> > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > _______________________________________________
> > > > > > Dynapi-Help mailing list
> > > > > > Dyn...@li...
> > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
Oracle
> > > 10g.
> > > > > Take an Oracle 10g class now, and we'll give you the exam
FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market...
Oracle
> > > 10g.
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > > >
> > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market...
Oracle 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by Sleepycat Software
> > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> > deliver higher performing products faster, at low TCO.
> > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
|
From: Doug M. <do...@cr...> - 2004-05-05 18:18:45
|
Just a quick note...
Mixing secure and unsecure items in a page has the unfortunate
side-effect of hte little yellow Lock symbol not showing up in the
bottom-right
corner of the browser (which is what people look for) as well as that
annoying
warning from the browser..
Not saying you should never mix these items, just a point to consider when
designing your app..
Maybe a good question to ask the client.. I know I will NVER enter personall
information unless the little yellow lock is there...
Oh an Leif.. when did you start feeling obsolete? :-)
For me it was when I couldn't convince my co-worksers that COBOL has no
native
array type... hehe
system.out.println("doug")
----- Original Message -----
From: "Leif W" <war...@us...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 1:11 PM
Subject: Re: [Dynapi-Help] secure http - SOLUTION
> Cool,
>
> That's what I was thinking (well I was thinking the old document.href,
> but that's pre-DOM I think, so I may showing my obsolete knowledge).
> ;-)
>
> I'd like to test this for robustness before committing. Let's take a
> while to think through the combinations where this may or may not work,
> i.e. http page pulling https data from the same or a different server,
> for instance if page images and static content don't need to be
> encrypted, just the dynamic content fetched by the remote script? It
> doesn't work for different protocol types, unless you manually modify
> those lines and add your protocol, using a switch statement or
> something. It should just use whatever protocol the file was requested
> with if there's a complete URI, or else fallback to the protocol of the
> page it being called from. Also to take into account are the port
> numbers. Another non-standard configuration of my server is to use
> alternative port numbers to differentiate unique secure hosts with a
> single IP by using a unique IP:port pair.
>
> I figure while we're looking at it and fixing a bug for one condition,
> why not take on the larger problem revealed, and formulate a generalized
> improvement for as many cases as we can. 90% of the work is figuring
> out what's going on. Why address it later when I've forgotten
> everything. ;-) Of course, I keep getting sidetracked with things...
> If you have the momentum, go ahead and fix it, otherwise I'll get to it
> as soon as I can, and you can keep using your patch and drop in a
> replacement later if you want. :-)
>
> Leif
>
> ----- Original Message -----
> From: "Jeremy Wanamaker" <je...@ma...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 12:14 PM
> Subject: Re: [Dynapi-Help] secure http - SOLUTION
>
>
> > Here's my solution for anyone who may be interested. It works with
> both
> > secure and non-secure servers. In ioelement.js and the function
> _doRequest
> > it should read as follows starting on line 225
> >
> > if (url.indexOf('http')!=0) {
> > var urlP = (this.doc.URL.indexOf('https') == 0) ?
> 'https://'
> > : 'http://';
> > if (url.substr(0,1)=='/') url =
> > urlP+dynapi.frame.document.domain+url;
> > else url = dynapi.documentPath+url;
> > }
> >
> > Jeremy
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Wednesday, May 05, 2004 12:00 PM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Right. So if you call ioelement.post(handler, data, function) with
> handler
> > > set to a relative URL, this line expands it out to the full URI.
> What I'm
> > > thinking is that you could use the DOM to get something like
> this.doc.URL
> > > (not sure if this is the best place to check) and check if the
> prefix is
> > > http or https and then prepend the result to the url vaiable in
> > _doRequest.
> > >
> > > I'm gonna try that here on my local copy. It may be worth putting in
> the
> > > CVS, although I don't think it's been updated since Nov.
> > >
> > > Jeremy
> > >
> > > ----- Original Message -----
> > > From: "Leif W" <war...@us...>
> > > To: <dyn...@li...>
> > > Sent: Wednesday, May 05, 2004 11:04 AM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > To get the protocol name you'll need to look at the full URI
> > > > (http://site/path/file.html) and not just the URL
> (/path/file.html). At
> > > > that point in the script, it is making decisions without enough
> > > > information, based only on the URL. So, it's got to be pulled
> from
> > > > elsewhere. As I said before, I never really modified the
> ioelement.js
> > > > (except some other minor thing), so I haven't got a good sense of
> what
> > > > goes on in there, yet.
> > > >
> > > > Leif
> > > >
> > > > ----- Original Message -----
> > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > To: <dyn...@li...>
> > > > Sent: Wednesday, May 05, 2004 10:52 AM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Ok, I tried changing that http to https in ioelement.js and it
> worked.
> > > > > Sorry, I should have tried it before I wrote that last email.
> > > > >
> > > > > What I'm wondering now is if there is a way to differentiate
> between
> > > > > secure/non-secure connections so that the appropriate prefix
> > > > (http/https)
> > > > > could be attached at
> > > > >
> > > > > if (url.substr(0,1)=='/') url =
> > > > 'http://'+dynapi.frame.document.domain+url;
> > > > >
> > > > > and you wouldn't have to run separate copies of dynapi for
> secure and
> > > > > non-secure servers.
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Wednesday, May 05, 2004 10:26 AM
> > > > > Subject: Re: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Leif,
> > > > > >
> > > > > > What you have described is exactly what I am trying to do.
> > > > > >
> > > > > > > script over HTTPS to get data from a MySQL server. I've
> used
> > > > ioelement
> > > > > > > to talk to both Perl and PHP scripts, over HTTPS. But in my
> case,
> > > > all
> > > > > > > these servers are running on the same mahine and I have
> total
> > > > control
> > > > > >
> > > > > > Because Mozilla crashes, I'm having a difficult time debugging
> the
> > > > error.
> > > > > > IE's script debugger says it's crashing in
> _monitorTransactions in
> > > > > > ioelement.js. at the following if statement:
> > > > > >
> > > > > > elm=this.getScope(r[4]);
> > > > > > if(elm && elm.document && !elm.document._tranState){
> > > > > >
> > > > > > So I'm assuming the getScope function on the previous line is
> > > > returning a
> > > > > > null value. I'm not sure why this would be, and maybe I'm way
> off
> > > > base.
> > > > > The
> > > > > > only other thing I'm wondering about is if the following lines
> are
> > > > causing
> > > > > a
> > > > > > problem in _doRequest
> > > > > >
> > > > > > if (url.indexOf('http')!=0) {
> > > > > > if (url.substr(0,1)=='/') url =
> > > > > > 'http://'+dynapi.frame.document.domain+url;
> > > > > > else url = dynapi.documentPath+url;
> > > > > > }
> > > > > >
> > > > > > Did you have to change these lines to set the url variable to
> start
> > > > with
> > > > > > https rather than http?
> > > > > >
> > > > > > Thanks for your help.
> > > > > >
> > > > > > Jeremy
> > > > > >
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Leif W" <war...@us...>
> > > > > > To: <dyn...@li...>
> > > > > > Sent: Monday, May 03, 2004 11:22 AM
> > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > >
> > > > > >
> > > > > > > Hmm, not sure about that one. But the first part makes
> sense: you
> > > > don't
> > > > > > > want to start loading insecure data over a secure
> connection,
> > > > because
> > > > > > > then the data that is loaded is not going to be transmitted
> > > > securely,
> > > > > > > giving the false impression to the user that the entire
> session is
> > > > > > > secure. The second part, about the browser going into a
> loop and
> > > > giving
> > > > > > > an application error, seems like a bug a Doug suggested, but
> I
> > > > have no
> > > > > > > idea.
> > > > > > >
> > > > > > > How are you calling this PHP script? Is there any reason
> you
> > > > can't use
> > > > > > > a secure URL to the PHP script in the JS code?
> > > > > > > https://domain.dom/sql.php Then, you are just talking HTTP
> over a
> > > > > > > secure connection, and the browser won't know or care what
> the PHP
> > > > > > > script does insecurely while talking to the database (which
> could
> > > > be
> > > > > > > another point of concern from the security view). I use a
> plain
> > > > PHP
> > > > > > > script over HTTPS to get data from a MySQL server. I've
> used
> > > > ioelement
> > > > > > > to talk to both Perl and PHP scripts, over HTTPS. But in my
> case,
> > > > all
> > > > > > > these servers are running on the same mahine and I have
> total
> > > > control
> > > > > > > over it, so I know it's configured to work the way I expect.
> I
> > > > haven't
> > > > > > > tried having the initial web page on one HTTPS server, and
> calling
> > > > the
> > > > > > > PHP from a separate HTTP/HTTPS server, which may be what
> you're
> > > > doing.
> > > > > > >
> > > > > > > If you have control over the database machine, and it's a
> UNIX
> > > > box, you
> > > > > > > can install a program that enables SSL connections to
> arbitrary
> > > > server
> > > > > > > programs, with no modification to the server. Two such
> programs I
> > > > am
> > > > > > > aware of (both use OpenSSL) are stunnel and sslwrap. I'm
> using
> > > > stunnel
> > > > > > > for SWAT (Samba Web Administration Tool), which doesn't use
> > > > Apache, it
> > > > > > > has it's own web server functionality, but specifically for
> the
> > > > task at
> > > > > > > hand.
> > > > > > >
> > > > > > > Leif
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > > To: <dyn...@li...>
> > > > > > > Sent: Monday, May 03, 2004 9:47 AM
> > > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > > >
> > > > > > >
> > > > > > > > Sorry, I should have been more specific in my original
> email. I
> > > > am
> > > > > > > using
> > > > > > > > Dynapi 3 with ioelement.js to get data from a database via
> php
> > > > > > > scripts. It
> > > > > > > > works fine when it's running over http (port 80). When I
> switch
> > > > to
> > > > > > > https
> > > > > > > > (port 443), Mozilla gives me the following warning:
> > > > > > > >
> > > > > > > > Although this page is encrypted, the information you have
> > > > entered is
> > > > > > > to be
> > > > > > > > sent over an unencrypted connection and could easily be
> read by
> > > > a
> > > > > > > third
> > > > > > > > party.
> > > > > > > >
> > > > > > > > It asks me if wish to continue.... I click yes and then
> mozilla
> > > > goes
> > > > > > > into a
> > > > > > > > loop and gets an application error. Any idea on how I can
> fix
> > > > this. I
> > > > > > > really
> > > > > > > > need to be able to use secure http for my application.
> > > > > > > >
> > > > > > > > Jeremy
> > > > > > > >
> > > > > > > > ----- Original Message -----
> > > > > > > > From: "Leif W" <war...@us...>
> > > > > > > > To: <dyn...@li...>
> > > > > > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > > > >
> > > > > > > >
> > > > > > > > > Work in what way? It should work fine in a general
> sense.
> > > > The
> > > > > > > browser
> > > > > > > > > handles the connection to the server. The server does
> not
> > > > care what
> > > > > > > the
> > > > > > > > > file contents are, they are just static javascript
> files. The
> > > > > > > browser
> > > > > > > > > handles running the JavaScript, the server has no part
> in this
> > > > > > > process.
> > > > > > > > > I have a local copy of CVS with some of my tinkerings in
> it,
> > > > so it's
> > > > > > > a
> > > > > > > > > "dirty" copy of the CVS, but it's 99.99% untouched. You
> can
> > > > see it
> > > > > > > at
> > > > > > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
> > > > automatically
> > > > > > > > > redirects to the secure site. I did most of my work
> with
> > > > IOElement
> > > > > > > and
> > > > > > > > > SODA here.
> > > > > > > > >
> > > > > > > > > :D Ohh yeah, the site is down right now, as I'm
> modifying
> > > > some
> > > > > > > Apache
> > > > > > > > > config settings, to get more details in my log files,
> and I
> > > > kind of
> > > > > > > shut
> > > > > > > > > the site off and started modifying some live files so I
> can't
> > > > turn
> > > > > > > it
> > > > > > > > > back up until the configs are finished. Should be
> tonight or
> > > > > > > tomorrow,
> > > > > > > > > once I am able to finish.
> > > > > > > > >
> > > > > > > > > In any case, what are you trying now and what isn't
> working?
> > > > > > > > >
> > > > > > > > > Leif
> > > > > > > > >
> > > > > > > > > ----- Original Message -----
> > > > > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > > > > To: <dyn...@li...>
> > > > > > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > > > > > Subject: [Dynapi-Help] secure http
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > > Is anyone aware of a way to get DynAPI 3 working with
> a
> > > > secure
> > > > > > > http
> > > > > > > > > server?
> > > > > > > > > >
> > > > > > > > > > Thanks,
> > > > > > > > > >
> > > > > > > > > > Jeremy
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > -------------------------------------------------------
> > > > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > > > Get certified on the hottest thing ever to hit the
> market...
> > > > Oracle
> > > > > > > 10g.
> > > > > > > > > Take an Oracle 10g class now, and we'll give you the
> exam
> > > > FREE.
> > > > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > > > _______________________________________________
> > > > > > > > > Dynapi-Help mailing list
> > > > > > > > > Dyn...@li...
> > > > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > -------------------------------------------------------
> > > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > > Get certified on the hottest thing ever to hit the
> market...
> > > > Oracle
> > > > > > > 10g.
> > > > > > > > Take an Oracle 10g class now, and we'll give you the exam
> FREE.
> > > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > > _______________________________________________
> > > > > > > > Dynapi-Help mailing list
> > > > > > > > Dyn...@li...
> > > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -------------------------------------------------------
> > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > Get certified on the hottest thing ever to hit the market...
> > > > Oracle 10g.
> > > > >
> > > > > > > Take an Oracle 10g class now, and we'll give you the exam
> FREE.
> > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > _______________________________________________
> > > > > > > Dynapi-Help mailing list
> > > > > > > Dyn...@li...
> > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > Get certified on the hottest thing ever to hit the market...
> Oracle
> > > > 10g.
> > > > > > Take an Oracle 10g class now, and we'll give you the exam
> FREE.
> > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > _______________________________________________
> > > > > > Dynapi-Help mailing list
> > > > > > Dyn...@li...
> > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
> Oracle
> > > > 10g.
> > > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market...
> Oracle 10g.
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by Sleepycat Software
> > > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> > > deliver higher performing products faster, at low TCO.
> > > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by Sleepycat Software
> > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> > deliver higher performing products faster, at low TCO.
> > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.677 / Virus Database: 439 - Release Date: 5/4/2004
|
|
From: Leif W <war...@us...> - 2004-05-05 21:59:04
|
----- Original Message -----
From: "Doug Melvin" <do...@cr...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 2:18 PM
Subject: Re: [Dynapi-Help] secure http - SOLUTION
> Maybe a good question to ask the client.. I know I will NVER enter
personall
> information unless the little yellow lock is there...
Yeah, good points, and same here. But I was just thinking in terms of
the robustness of the lib, but maybe I think I open up a can of whoopass
on a bug but it's just a can of worms. ;-) Still, it'd be nice to
handle any protocol. But looking at the code, it seems like it should
work.
> Oh an Leif.. when did you start feeling obsolete? :-)
I think sometime after my 25th birthday (couple years ago). ;-)
> For me it was when I couldn't convince my co-worksers that COBOL has
no
> native
> array type... hehe
I don't even know COBOL, they didn't teach it at the school where I
first learned a little coding (C/asm/Scheme/Prolog). Hehe, sorry to put
another nail in your coffin. But the same school doesn't even teach C
as the beginning course, they use Java. D'oh! Ugh, too much dogma, I
liked a language that's flexible and purposely breakable. Makes coding
more fun and debugging more interesting!
> system.out.println("doug")
echo <<<WHERE
Am I?
WHERE;
> ----- Original Message -----
> From: "Leif W" <war...@us...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 1:11 PM
> Subject: Re: [Dynapi-Help] secure http - SOLUTION
>
>
> > Cool,
> >
> > That's what I was thinking (well I was thinking the old
document.href,
> > but that's pre-DOM I think, so I may showing my obsolete knowledge).
> > ;-)
> >
> > I'd like to test this for robustness before committing. Let's take
a
> > while to think through the combinations where this may or may not
work,
> > i.e. http page pulling https data from the same or a different
server,
> > for instance if page images and static content don't need to be
> > encrypted, just the dynamic content fetched by the remote script?
It
> > doesn't work for different protocol types, unless you manually
modify
> > those lines and add your protocol, using a switch statement or
> > something. It should just use whatever protocol the file was
requested
> > with if there's a complete URI, or else fallback to the protocol of
the
> > page it being called from. Also to take into account are the port
> > numbers. Another non-standard configuration of my server is to use
> > alternative port numbers to differentiate unique secure hosts with a
> > single IP by using a unique IP:port pair.
> >
> > I figure while we're looking at it and fixing a bug for one
condition,
> > why not take on the larger problem revealed, and formulate a
generalized
> > improvement for as many cases as we can. 90% of the work is
figuring
> > out what's going on. Why address it later when I've forgotten
> > everything. ;-) Of course, I keep getting sidetracked with
things...
> > If you have the momentum, go ahead and fix it, otherwise I'll get to
it
> > as soon as I can, and you can keep using your patch and drop in a
> > replacement later if you want. :-)
> >
> > Leif
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Wednesday, May 05, 2004 12:14 PM
> > Subject: Re: [Dynapi-Help] secure http - SOLUTION
> >
> >
> > > Here's my solution for anyone who may be interested. It works with
> > both
> > > secure and non-secure servers. In ioelement.js and the function
> > _doRequest
> > > it should read as follows starting on line 225
> > >
> > > if (url.indexOf('http')!=0) {
> > > var urlP = (this.doc.URL.indexOf('https') == 0) ?
> > 'https://'
> > > : 'http://';
> > > if (url.substr(0,1)=='/') url =
> > > urlP+dynapi.frame.document.domain+url;
> > > else url = dynapi.documentPath+url;
> > > }
> > >
> > > Jeremy
> > >
> > > ----- Original Message -----
> > > From: "Jeremy Wanamaker" <je...@ma...>
> > > To: <dyn...@li...>
> > > Sent: Wednesday, May 05, 2004 12:00 PM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Right. So if you call ioelement.post(handler, data, function)
with
> > handler
> > > > set to a relative URL, this line expands it out to the full URI.
> > What I'm
> > > > thinking is that you could use the DOM to get something like
> > this.doc.URL
> > > > (not sure if this is the best place to check) and check if the
> > prefix is
> > > > http or https and then prepend the result to the url vaiable in
> > > _doRequest.
> > > >
> > > > I'm gonna try that here on my local copy. It may be worth
putting in
> > the
> > > > CVS, although I don't think it's been updated since Nov.
> > > >
> > > > Jeremy
> > > >
> > > > ----- Original Message -----
> > > > From: "Leif W" <war...@us...>
> > > > To: <dyn...@li...>
> > > > Sent: Wednesday, May 05, 2004 11:04 AM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > To get the protocol name you'll need to look at the full URI
> > > > > (http://site/path/file.html) and not just the URL
> > (/path/file.html). At
> > > > > that point in the script, it is making decisions without
enough
> > > > > information, based only on the URL. So, it's got to be pulled
> > from
> > > > > elsewhere. As I said before, I never really modified the
> > ioelement.js
> > > > > (except some other minor thing), so I haven't got a good sense
of
> > what
> > > > > goes on in there, yet.
> > > > >
> > > > > Leif
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Wednesday, May 05, 2004 10:52 AM
> > > > > Subject: Re: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Ok, I tried changing that http to https in ioelement.js and
it
> > worked.
> > > > > > Sorry, I should have tried it before I wrote that last
email.
> > > > > >
> > > > > > What I'm wondering now is if there is a way to differentiate
> > between
> > > > > > secure/non-secure connections so that the appropriate prefix
> > > > > (http/https)
> > > > > > could be attached at
> > > > > >
> > > > > > if (url.substr(0,1)=='/') url =
> > > > > 'http://'+dynapi.frame.document.domain+url;
> > > > > >
> > > > > > and you wouldn't have to run separate copies of dynapi for
> > secure and
> > > > > > non-secure servers.
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > To: <dyn...@li...>
> > > > > > Sent: Wednesday, May 05, 2004 10:26 AM
> > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > >
> > > > > >
> > > > > > > Leif,
> > > > > > >
> > > > > > > What you have described is exactly what I am trying to do.
> > > > > > >
> > > > > > > > script over HTTPS to get data from a MySQL server. I've
> > used
> > > > > ioelement
> > > > > > > > to talk to both Perl and PHP scripts, over HTTPS. But
in my
> > case,
> > > > > all
> > > > > > > > these servers are running on the same mahine and I have
> > total
> > > > > control
> > > > > > >
> > > > > > > Because Mozilla crashes, I'm having a difficult time
debugging
> > the
> > > > > error.
> > > > > > > IE's script debugger says it's crashing in
> > _monitorTransactions in
> > > > > > > ioelement.js. at the following if statement:
> > > > > > >
> > > > > > > elm=this.getScope(r[4]);
> > > > > > > if(elm && elm.document &&
!elm.document._tranState){
> > > > > > >
> > > > > > > So I'm assuming the getScope function on the previous line
is
> > > > > returning a
> > > > > > > null value. I'm not sure why this would be, and maybe I'm
way
> > off
> > > > > base.
> > > > > > The
> > > > > > > only other thing I'm wondering about is if the following
lines
> > are
> > > > > causing
> > > > > > a
> > > > > > > problem in _doRequest
> > > > > > >
> > > > > > > if (url.indexOf('http')!=0) {
> > > > > > > if (url.substr(0,1)=='/') url =
> > > > > > > 'http://'+dynapi.frame.document.domain+url;
> > > > > > > else url = dynapi.documentPath+url;
> > > > > > > }
> > > > > > >
> > > > > > > Did you have to change these lines to set the url variable
to
> > start
> > > > > with
> > > > > > > https rather than http?
> > > > > > >
> > > > > > > Thanks for your help.
> > > > > > >
> > > > > > > Jeremy
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "Leif W" <war...@us...>
> > > > > > > To: <dyn...@li...>
> > > > > > > Sent: Monday, May 03, 2004 11:22 AM
> > > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > > >
> > > > > > >
> > > > > > > > Hmm, not sure about that one. But the first part makes
> > sense: you
> > > > > don't
> > > > > > > > want to start loading insecure data over a secure
> > connection,
> > > > > because
> > > > > > > > then the data that is loaded is not going to be
transmitted
> > > > > securely,
> > > > > > > > giving the false impression to the user that the entire
> > session is
> > > > > > > > secure. The second part, about the browser going into a
> > loop and
> > > > > giving
> > > > > > > > an application error, seems like a bug a Doug suggested,
but
> > I
> > > > > have no
> > > > > > > > idea.
> > > > > > > >
> > > > > > > > How are you calling this PHP script? Is there any
reason
> > you
> > > > > can't use
> > > > > > > > a secure URL to the PHP script in the JS code?
> > > > > > > > https://domain.dom/sql.php Then, you are just talking
HTTP
> > over a
> > > > > > > > secure connection, and the browser won't know or care
what
> > the PHP
> > > > > > > > script does insecurely while talking to the database
(which
> > could
> > > > > be
> > > > > > > > another point of concern from the security view). I use
a
> > plain
> > > > > PHP
> > > > > > > > script over HTTPS to get data from a MySQL server. I've
> > used
> > > > > ioelement
> > > > > > > > to talk to both Perl and PHP scripts, over HTTPS. But
in my
> > case,
> > > > > all
> > > > > > > > these servers are running on the same mahine and I have
> > total
> > > > > control
> > > > > > > > over it, so I know it's configured to work the way I
expect.
> > I
> > > > > haven't
> > > > > > > > tried having the initial web page on one HTTPS server,
and
> > calling
> > > > > the
> > > > > > > > PHP from a separate HTTP/HTTPS server, which may be what
> > you're
> > > > > doing.
> > > > > > > >
> > > > > > > > If you have control over the database machine, and it's
a
> > UNIX
> > > > > box, you
> > > > > > > > can install a program that enables SSL connections to
> > arbitrary
> > > > > server
> > > > > > > > programs, with no modification to the server. Two such
> > programs I
> > > > > am
> > > > > > > > aware of (both use OpenSSL) are stunnel and sslwrap.
I'm
> > using
> > > > > stunnel
> > > > > > > > for SWAT (Samba Web Administration Tool), which doesn't
use
> > > > > Apache, it
> > > > > > > > has it's own web server functionality, but specifically
for
> > the
> > > > > task at
> > > > > > > > hand.
> > > > > > > >
> > > > > > > > Leif
> > > > > > > >
> > > > > > > > ----- Original Message -----
> > > > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > > > To: <dyn...@li...>
> > > > > > > > Sent: Monday, May 03, 2004 9:47 AM
> > > > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > > > >
> > > > > > > >
> > > > > > > > > Sorry, I should have been more specific in my original
> > email. I
> > > > > am
> > > > > > > > using
> > > > > > > > > Dynapi 3 with ioelement.js to get data from a database
via
> > php
> > > > > > > > scripts. It
> > > > > > > > > works fine when it's running over http (port 80). When
I
> > switch
> > > > > to
> > > > > > > > https
> > > > > > > > > (port 443), Mozilla gives me the following warning:
> > > > > > > > >
> > > > > > > > > Although this page is encrypted, the information you
have
> > > > > entered is
> > > > > > > > to be
> > > > > > > > > sent over an unencrypted connection and could easily
be
> > read by
> > > > > a
> > > > > > > > third
> > > > > > > > > party.
> > > > > > > > >
> > > > > > > > > It asks me if wish to continue.... I click yes and
then
> > mozilla
> > > > > goes
> > > > > > > > into a
> > > > > > > > > loop and gets an application error. Any idea on how I
can
> > fix
> > > > > this. I
> > > > > > > > really
> > > > > > > > > need to be able to use secure http for my application.
> > > > > > > > >
> > > > > > > > > Jeremy
> > > > > > > > >
> > > > > > > > > ----- Original Message -----
> > > > > > > > > From: "Leif W" <war...@us...>
> > > > > > > > > To: <dyn...@li...>
> > > > > > > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > > > > > > Subject: Re: [Dynapi-Help] secure http
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > > Work in what way? It should work fine in a general
> > sense.
> > > > > The
> > > > > > > > browser
> > > > > > > > > > handles the connection to the server. The server
does
> > not
> > > > > care what
> > > > > > > > the
> > > > > > > > > > file contents are, they are just static javascript
> > files. The
> > > > > > > > browser
> > > > > > > > > > handles running the JavaScript, the server has no
part
> > in this
> > > > > > > > process.
> > > > > > > > > > I have a local copy of CVS with some of my
tinkerings in
> > it,
> > > > > so it's
> > > > > > > > a
> > > > > > > > > > "dirty" copy of the CVS, but it's 99.99% untouched.
You
> > can
> > > > > see it
> > > > > > > > at
> > > > > > > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
> > > > > automatically
> > > > > > > > > > redirects to the secure site. I did most of my work
> > with
> > > > > IOElement
> > > > > > > > and
> > > > > > > > > > SODA here.
> > > > > > > > > >
> > > > > > > > > > :D Ohh yeah, the site is down right now, as I'm
> > modifying
> > > > > some
> > > > > > > > Apache
> > > > > > > > > > config settings, to get more details in my log
files,
> > and I
> > > > > kind of
> > > > > > > > shut
> > > > > > > > > > the site off and started modifying some live files
so I
> > can't
> > > > > turn
> > > > > > > > it
> > > > > > > > > > back up until the configs are finished. Should be
> > tonight or
> > > > > > > > tomorrow,
> > > > > > > > > > once I am able to finish.
> > > > > > > > > >
> > > > > > > > > > In any case, what are you trying now and what isn't
> > working?
> > > > > > > > > >
> > > > > > > > > > Leif
> > > > > > > > > >
> > > > > > > > > > ----- Original Message -----
> > > > > > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > > > > > To: <dyn...@li...>
> > > > > > > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > > > > > > Subject: [Dynapi-Help] secure http
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > > Is anyone aware of a way to get DynAPI 3 working
with
> > a
> > > > > secure
> > > > > > > > http
> > > > > > > > > > server?
> > > > > > > > > > >
> > > > > > > > > > > Thanks,
> > > > > > > > > > >
> > > > > > > > > > > Jeremy
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> -------------------------------------------------------
> > > > > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > > > > Get certified on the hottest thing ever to hit the
> > market...
> > > > > Oracle
> > > > > > > > 10g.
> > > > > > > > > > Take an Oracle 10g class now, and we'll give you the
> > exam
> > > > > FREE.
> > > > > > > > > >
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > > > > _______________________________________________
> > > > > > > > > > Dynapi-Help mailing list
> > > > > > > > > > Dyn...@li...
> > > > > > > > > >
https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> -------------------------------------------------------
> > > > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > > > Get certified on the hottest thing ever to hit the
> > market...
> > > > > Oracle
> > > > > > > > 10g.
> > > > > > > > > Take an Oracle 10g class now, and we'll give you the
exam
> > FREE.
> > > > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > > > _______________________________________________
> > > > > > > > > Dynapi-Help mailing list
> > > > > > > > > Dyn...@li...
> > > > > > > > >
https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > -------------------------------------------------------
> > > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > > Get certified on the hottest thing ever to hit the
market...
> > > > > Oracle 10g.
> > > > > >
> > > > > > > > Take an Oracle 10g class now, and we'll give you the
exam
> > FREE.
> > > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > > _______________________________________________
> > > > > > > > Dynapi-Help mailing list
> > > > > > > > Dyn...@li...
> > > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -------------------------------------------------------
> > > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > > Get certified on the hottest thing ever to hit the
market...
> > Oracle
> > > > > 10g.
> > > > > > > Take an Oracle 10g class now, and we'll give you the exam
> > FREE.
> > > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > > _______________________________________________
> > > > > > > Dynapi-Help mailing list
> > > > > > > Dyn...@li...
> > > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > Get certified on the hottest thing ever to hit the market...
> > Oracle
> > > > > 10g.
> > > > > > Take an Oracle 10g class now, and we'll give you the exam
FREE.
> > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > _______________________________________________
> > > > > > Dynapi-Help mailing list
> > > > > > Dyn...@li...
> > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
> > Oracle 10g.
> > > > > Take an Oracle 10g class now, and we'll give you the exam
FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by Sleepycat Software
> > > > Learn developer strategies Cisco, Motorola, Ericsson & Lucent
use to
> > > > deliver higher performing products faster, at low TCO.
> > > > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by Sleepycat Software
> > > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use
to
> > > deliver higher performing products faster, at low TCO.
> > > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by Sleepycat Software
> > Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> > deliver higher performing products faster, at low TCO.
> > http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.677 / Virus Database: 439 - Release Date: 5/4/2004
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
|
From: Leif W <war...@us...> - 2004-05-05 15:00:53
|
----- Original Message -----
From: "Jeremy Wanamaker" <je...@ma...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 10:26 AM
Subject: Re: [Dynapi-Help] secure http
> Leif,
>
> What you have described is exactly what I am trying to do.
>
> > script over HTTPS to get data from a MySQL server. I've used
ioelement
> > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
all
> > these servers are running on the same mahine and I have total
control
>
> Because Mozilla crashes, I'm having a difficult time debugging the
error.
> IE's script debugger says it's crashing in _monitorTransactions in
> ioelement.js. at the following if statement:
>
> elm=this.getScope(r[4]);
> if(elm && elm.document && !elm.document._tranState){
>
> So I'm assuming the getScope function on the previous line is
returning a
> null value. I'm not sure why this would be, and maybe I'm way off
base. The
> only other thing I'm wondering about is if the following lines are
causing a
> problem in _doRequest
>
> if (url.indexOf('http')!=0) {
> if (url.substr(0,1)=='/') url =
> 'http://'+dynapi.frame.document.domain+url;
> else url = dynapi.documentPath+url;
> }
>
> Did you have to change these lines to set the url variable to start
with
> https rather than http?
Ahh, I didn't touch the JavaScript, but maybe you found a bug, I don't
know. It may or may not be the right piece of code we're looking at.
The string 'http' is a subset of 'https', and starts at the exact same
spot, i.e.not 'http' and 'XYZhttps', so that url.indexOf() call should
work, which is why I think it may not be the right line of code, but it
made me think of something.
My Apache server is configured to do SSL only if available, so any HTTP
requests to my site get a permenent redirection to the HTTPS url, so
it's transparent to the browser. But it's probably not a common
scenario on the net in general. ;-) Yours is probably the common case.
Did you try to tweak the lines to look for https in the URL as well?
I'll look at this too.
I'll change my server behaviour not to redirect, and watch the secure
and regular logs, and see if the SSL session tries calling for a file on
port 80. This is what your browser indicates, but I personally like to
see both sides of the story. Check your Server logs too, if possible.
Mine's so low traffic, I just leave 'tail -f *.log', but even if your
server is busy, you could use 'tail -f site*.log | grep
specific_filename', which is some file only you are looking at.
Next, look in the JS files to where the script actually fetches the file
via http, and then just go back from there to see how the URL is built
up. IMO it should be able to take ANY url of ANY form. What if I wrote
my own protocol ABC:// which fetched files from a "file server" or
something. The script should not break because ABC != http.
Leif
P.S. Hmm, I should make my logs into TSV logs. It's very hard to
extract information from specific fields when all you can split on is a
space, and many fields have space within the content. ^^
> Thanks for your help.
>
> Jeremy
>
>
>
> ----- Original Message -----
> From: "Leif W" <war...@us...>
> To: <dyn...@li...>
> Sent: Monday, May 03, 2004 11:22 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Hmm, not sure about that one. But the first part makes sense: you
don't
> > want to start loading insecure data over a secure connection,
because
> > then the data that is loaded is not going to be transmitted
securely,
> > giving the false impression to the user that the entire session is
> > secure. The second part, about the browser going into a loop and
giving
> > an application error, seems like a bug a Doug suggested, but I have
no
> > idea.
> >
> > How are you calling this PHP script? Is there any reason you can't
use
> > a secure URL to the PHP script in the JS code?
> > https://domain.dom/sql.php Then, you are just talking HTTP over a
> > secure connection, and the browser won't know or care what the PHP
> > script does insecurely while talking to the database (which could be
> > another point of concern from the security view). I use a plain PHP
> > script over HTTPS to get data from a MySQL server. I've used
ioelement
> > to talk to both Perl and PHP scripts, over HTTPS. But in my case,
all
> > these servers are running on the same mahine and I have total
control
> > over it, so I know it's configured to work the way I expect. I
haven't
> > tried having the initial web page on one HTTPS server, and calling
the
> > PHP from a separate HTTP/HTTPS server, which may be what you're
doing.
> >
> > If you have control over the database machine, and it's a UNIX box,
you
> > can install a program that enables SSL connections to arbitrary
server
> > programs, with no modification to the server. Two such programs I
am
> > aware of (both use OpenSSL) are stunnel and sslwrap. I'm using
stunnel
> > for SWAT (Samba Web Administration Tool), which doesn't use Apache,
it
> > has it's own web server functionality, but specifically for the task
at
> > hand.
> >
> > Leif
> >
> > ----- Original Message -----
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Monday, May 03, 2004 9:47 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Sorry, I should have been more specific in my original email. I am
> > using
> > > Dynapi 3 with ioelement.js to get data from a database via php
> > scripts. It
> > > works fine when it's running over http (port 80). When I switch to
> > https
> > > (port 443), Mozilla gives me the following warning:
> > >
> > > Although this page is encrypted, the information you have entered
is
> > to be
> > > sent over an unencrypted connection and could easily be read by a
> > third
> > > party.
> > >
> > > It asks me if wish to continue.... I click yes and then mozilla
goes
> > into a
> > > loop and gets an application error. Any idea on how I can fix
this. I
> > really
> > > need to be able to use secure http for my application.
> > >
> > > Jeremy
> > >
> > > ----- Original Message -----
> > > From: "Leif W" <war...@us...>
> > > To: <dyn...@li...>
> > > Sent: Friday, April 30, 2004 10:08 PM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Work in what way? It should work fine in a general sense. The
> > browser
> > > > handles the connection to the server. The server does not care
what
> > the
> > > > file contents are, they are just static javascript files. The
> > browser
> > > > handles running the JavaScript, the server has no part in this
> > process.
> > > > I have a local copy of CVS with some of my tinkerings in it, so
it's
> > a
> > > > "dirty" copy of the CVS, but it's 99.99% untouched. You can see
it
> > at
> > > > http://dynapi.kicks-ass.net/ , and you'll see, it automatically
> > > > redirects to the secure site. I did most of my work with
IOElement
> > and
> > > > SODA here.
> > > >
> > > > :D Ohh yeah, the site is down right now, as I'm modifying some
> > Apache
> > > > config settings, to get more details in my log files, and I kind
of
> > shut
> > > > the site off and started modifying some live files so I can't
turn
> > it
> > > > back up until the configs are finished. Should be tonight or
> > tomorrow,
> > > > once I am able to finish.
> > > >
> > > > In any case, what are you trying now and what isn't working?
> > > >
> > > > Leif
> > > >
> > > > ----- Original Message -----
> > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > To: <dyn...@li...>
> > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > Subject: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Is anyone aware of a way to get DynAPI 3 working with a secure
> > http
> > > > server?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Jeremy
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market...
Oracle
> > 10g.
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market...
Oracle
> > 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle
10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle
10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
|
Thanks for helping keep SourceForge clean.
X