From: Robert H. <ha...@st...> - 2008-08-30 18:04:38
|
that's why I'm asking. Yes, I have tried this. We could make it only the applet from the server -- in other words not allow a new codebase -- if you think that is a major concern. How would you see the spoof working, Rolf? Bob On Sat, Aug 30, 2008 at 12:56 PM, <rh...@fl...> wrote: > Quoting Robert Hanson <ha...@st...>: > > > One of the interesting aspects is that I could use > > > > JMOLJAR= > > http://chemapps.stolaf.edu/jmol/docs/examples-11/JmolAppletSigned.jar > > > > for example to go to the PDB website and use MY applet instead of theirs. > > > > Bob, > have you tried that already? > If this is allowed it would be exactly what should pe prevented within > Jmol.js! > It should only be allowed to load a different Jmol version from the > same server! > > Otherwise anyone could use your/our service by 'URL Spoofing' to > deliver an "evil" Jmol applet (or even a totally different applet) to > the user!!! > > Regards, > Rolf > > > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Jmol-users mailing list > Jmo...@li... > https://lists.sourceforge.net/lists/listinfo/jmol-users > -- Robert M. Hanson Professor of Chemistry St. Olaf College Northfield, MN http://www.stolaf.edu/people/hansonr If nature does not answer first what we want, it is better to take what answer we get. -- Josiah Willard Gibbs, Lecture XXX, Monday, February 5, 1900 |