Re: [Dynapi-Help] secure http

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Right. So if you call ioelement.post(handler, data, function) with handler
set to a relative URL, this line expands it out to the full URI. What I'm
thinking is that you could use the DOM to get something like this.doc.URL
(not sure if this is the best place to check) and check if the prefix is
http or https and then prepend the result to the url vaiable in _doRequest.

I'm gonna try that here on my local copy. It may be worth putting in the
CVS, although I don't think it's been updated since Nov.

Jeremy

----- Original Message ----- 
From: "Leif W" <war...@us...>
To: <dyn...@li...>
Sent: Wednesday, May 05, 2004 11:04 AM
Subject: Re: [Dynapi-Help] secure http

> To get the protocol name you'll need to look at the full URI
> (http://site/path/file.html) and not just the URL (/path/file.html).  At
> that point in the script, it is making decisions without enough
> information, based only on the URL.  So, it's got to be pulled from
> elsewhere.  As I said before, I never really modified the ioelement.js
> (except some other minor thing), so I haven't got a good sense of what
> goes on in there, yet.
>
> Leif
>
> ----- Original Message ----- 
> From: "Jeremy Wanamaker" <je...@ma...>
> To: <dyn...@li...>
> Sent: Wednesday, May 05, 2004 10:52 AM
> Subject: Re: [Dynapi-Help] secure http
>
>
> > Ok, I tried changing that http to https in ioelement.js and it worked.
> > Sorry, I should have tried it before I wrote that last email.
> >
> > What I'm wondering now is if there is a way to differentiate between
> > secure/non-secure connections so that the appropriate prefix
> (http/https)
> > could be attached at
> >
> > if (url.substr(0,1)=='/') url =
> 'http://'+dynapi.frame.document.domain+url;
> >
> > and you wouldn't have to run separate copies of dynapi for secure and
> > non-secure servers.
> >
> >
> > ----- Original Message ----- 
> > From: "Jeremy Wanamaker" <je...@ma...>
> > To: <dyn...@li...>
> > Sent: Wednesday, May 05, 2004 10:26 AM
> > Subject: Re: [Dynapi-Help] secure http
> >
> >
> > > Leif,
> > >
> > > What you have described is exactly what I am trying to do.
> > >
> > > > script over HTTPS to get data from a MySQL server.  I've used
> ioelement
> > > > to talk to both Perl and PHP scripts, over HTTPS.  But in my case,
> all
> > > > these servers are running on the same mahine and I have total
> control
> > >
> > > Because Mozilla crashes, I'm having a difficult time debugging the
> error.
> > > IE's script debugger says it's crashing in _monitorTransactions in
> > > ioelement.js. at the following if statement:
> > >
> > >        elm=this.getScope(r[4]);
> > >        if(elm && elm.document && !elm.document._tranState){
> > >
> > > So I'm assuming the getScope function on the previous line is
> returning a
> > > null value. I'm not sure why this would be, and maybe I'm way off
> base.
> > The
> > > only other thing I'm wondering about is if the following lines are
> causing
> > a
> > > problem in _doRequest
> > >
> > >             if (url.indexOf('http')!=0) {
> > >                 if (url.substr(0,1)=='/') url =
> > > 'http://'+dynapi.frame.document.domain+url;
> > >                 else url = dynapi.documentPath+url;
> > >             }
> > >
> > > Did you have to change these lines to set the url variable to start
> with
> > > https rather than http?
> > >
> > > Thanks for your help.
> > >
> > > Jeremy
> > >
> > >
> > >
> > > ----- Original Message ----- 
> > > From: "Leif W" <war...@us...>
> > > To: <dyn...@li...>
> > > Sent: Monday, May 03, 2004 11:22 AM
> > > Subject: Re: [Dynapi-Help] secure http
> > >
> > >
> > > > Hmm, not sure about that one.  But the first part makes sense: you
> don't
> > > > want to start loading insecure data over a secure connection,
> because
> > > > then the data that is loaded is not going to be transmitted
> securely,
> > > > giving the false impression to the user that the entire session is
> > > > secure.  The second part, about the browser going into a loop and
> giving
> > > > an application error, seems like a bug a Doug suggested, but I
> have no
> > > > idea.
> > > >
> > > > How are you calling this PHP script?  Is there any reason you
> can't use
> > > > a secure URL to the PHP script in the JS code?
> > > > https://domain.dom/sql.php  Then, you are just talking HTTP over a
> > > > secure connection, and the browser won't know or care what the PHP
> > > > script does insecurely while talking to the database (which could
> be
> > > > another point of concern from the security view).  I use a plain
> PHP
> > > > script over HTTPS to get data from a MySQL server.  I've used
> ioelement
> > > > to talk to both Perl and PHP scripts, over HTTPS.  But in my case,
> all
> > > > these servers are running on the same mahine and I have total
> control
> > > > over it, so I know it's configured to work the way I expect.  I
> haven't
> > > > tried having the initial web page on one HTTPS server, and calling
> the
> > > > PHP from a separate HTTP/HTTPS server, which may be what you're
> doing.
> > > >
> > > > If you have control over the database machine, and it's a UNIX
> box, you
> > > > can install a program that enables SSL connections to arbitrary
> server
> > > > programs, with no modification to the server.  Two such programs I
> am
> > > > aware of (both use OpenSSL) are stunnel and sslwrap.  I'm using
> stunnel
> > > > for SWAT (Samba Web Administration Tool), which doesn't use
> Apache, it
> > > > has it's own web server functionality, but specifically for the
> task at
> > > > hand.
> > > >
> > > > Leif
> > > >
> > > > ----- Original Message ----- 
> > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > To: <dyn...@li...>
> > > > Sent: Monday, May 03, 2004 9:47 AM
> > > > Subject: Re: [Dynapi-Help] secure http
> > > >
> > > >
> > > > > Sorry, I should have been more specific in my original email. I
> am
> > > > using
> > > > > Dynapi 3 with ioelement.js to get data from a database via php
> > > > scripts. It
> > > > > works fine when it's running over http (port 80). When I switch
> to
> > > > https
> > > > > (port 443), Mozilla gives me the following warning:
> > > > >
> > > > > Although this page is encrypted, the information you have
> entered is
> > > > to be
> > > > > sent over an unencrypted connection and could easily be read by
> a
> > > > third
> > > > > party.
> > > > >
> > > > > It asks me if wish to continue.... I click yes and then mozilla
> goes
> > > > into a
> > > > > loop and gets an application error. Any idea on how I can fix
> this. I
> > > > really
> > > > > need to be able to use secure http for my application.
> > > > >
> > > > > Jeremy
> > > > >
> > > > > ----- Original Message ----- 
> > > > > From: "Leif W" <war...@us...>
> > > > > To: <dyn...@li...>
> > > > > Sent: Friday, April 30, 2004 10:08 PM
> > > > > Subject: Re: [Dynapi-Help] secure http
> > > > >
> > > > >
> > > > > > Work in what way?  It should work fine in a general sense.
> The
> > > > browser
> > > > > > handles the connection to the server.  The server does not
> care what
> > > > the
> > > > > > file contents are, they are just static javascript files.  The
> > > > browser
> > > > > > handles running the JavaScript, the server has no part in this
> > > > process.
> > > > > > I have a local copy of CVS with some of my tinkerings in it,
> so it's
> > > > a
> > > > > > "dirty" copy of the CVS, but it's 99.99% untouched.  You can
> see it
> > > > at
> > > > > > http://dynapi.kicks-ass.net/ , and you'll see, it
> automatically
> > > > > > redirects to the secure site.  I did most of my work with
> IOElement
> > > > and
> > > > > > SODA here.
> > > > > >
> > > > > > :D  Ohh yeah, the site is down right now, as I'm modifying
> some
> > > > Apache
> > > > > > config settings, to get more details in my log files, and I
> kind of
> > > > shut
> > > > > > the site off and started modifying some live files so I can't
> turn
> > > > it
> > > > > > back up until the configs are finished.  Should be tonight or
> > > > tomorrow,
> > > > > > once I am able to finish.
> > > > > >
> > > > > > In any case, what are you trying now and what isn't working?
> > > > > >
> > > > > > Leif
> > > > > >
> > > > > > ----- Original Message ----- 
> > > > > > From: "Jeremy Wanamaker" <je...@ma...>
> > > > > > To: <dyn...@li...>
> > > > > > Sent: Friday, April 30, 2004 3:35 PM
> > > > > > Subject: [Dynapi-Help] secure http
> > > > > >
> > > > > >
> > > > > > > Is anyone aware of a way to get DynAPI 3 working with a
> secure
> > > > http
> > > > > > server?
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Jeremy
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > > Get certified on the hottest thing ever to hit the market...
> Oracle
> > > > 10g.
> > > > > > Take an Oracle 10g class now, and we'll give you the exam
> FREE.
> > > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > > _______________________________________________
> > > > > > Dynapi-Help mailing list
> > > > > > Dyn...@li...
> > > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > This SF.Net email is sponsored by: Oracle 10g
> > > > > Get certified on the hottest thing ever to hit the market...
> Oracle
> > > > 10g.
> > > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > > _______________________________________________
> > > > > Dynapi-Help mailing list
> > > > > Dyn...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: Oracle 10g
> > > > Get certified on the hottest thing ever to hit the market...
> Oracle 10g.
> >
> > > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > > _______________________________________________
> > > > Dynapi-Help mailing list
> > > > Dyn...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > > >
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.Net email is sponsored by: Oracle 10g
> > > Get certified on the hottest thing ever to hit the market... Oracle
> 10g.
> > > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > > _______________________________________________
> > > Dynapi-Help mailing list
> > > Dyn...@li...
> > > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> > >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: Oracle 10g
> > Get certified on the hottest thing ever to hit the market... Oracle
> 10g.
> > Take an Oracle 10g class now, and we'll give you the exam FREE.
> > http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> > _______________________________________________
> > Dynapi-Help mailing list
> > Dyn...@li...
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
> >
> >
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Dynapi-Help mailing list
> Dyn...@li...
> https://lists.sourceforge.net/lists/listinfo/dynapi-help
>