Would anyone be interested in seeing KwiKoL be ported to PHP? It could potentially have two branches, one using cURL and one using standard PHP streams. While I'm obviously a big fan of Java, this would enable developers to run the library on web server using a scripting language, which might be more feasible in some cases than requiring a Java-enabled server or programming an applet. Thoughts?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
One of the things I realized by playing with servlets is that my KoL password went from my client to the servlet server (where it was used by KwiKoL) and then to KoL proper. That is the classic man-in-the-middle attack scenario and it means the user has to trust the servlet server. I'm not sure that the programming effort needed to gain/prove that trust is worth it. That being the case I'm inclined to think anyone who would be running php locally could also run Java if they wanted to do so.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
<< That being the case I'm inclined to think anyone who would be running php locally could also run Java if they wanted to do so. >>
This is not at all the case. For example, a friend of mine purchased his domain and web hosting through a single provider. That provider uses servers that support Perl and PHP, but not Java.
From what I've seen, this is common among web hosting providers. Java is generally only used on dedicated servers for enterprise-level applications by people who have full control over their servers. PHP and Perl are more common among hosting providers for the "common people." I don't know the reason for this, because the way I see it, supporting Java is just as easy as supporting either PHP or Perl. That's just the way it is.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
:-) I am guilty of having most of my experience in a situation where I have complete control of the server so I was not thinking of what commercial and/or low budget web hosting offered. My point, about the KOL password having to pass through an intermediate party remains. Indeed, my paranoia increases in this case because I don't control the server. Perhaps that is because I still bear the scars from the time a poor web implementation allowed username and password to appear in the web server log as plain text :-(
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Would anyone be interested in seeing KwiKoL be ported to PHP? It could potentially have two branches, one using cURL and one using standard PHP streams. While I'm obviously a big fan of Java, this would enable developers to run the library on web server using a scripting language, which might be more feasible in some cases than requiring a Java-enabled server or programming an applet. Thoughts?
One of the things I realized by playing with servlets is that my KoL password went from my client to the servlet server (where it was used by KwiKoL) and then to KoL proper. That is the classic man-in-the-middle attack scenario and it means the user has to trust the servlet server. I'm not sure that the programming effort needed to gain/prove that trust is worth it. That being the case I'm inclined to think anyone who would be running php locally could also run Java if they wanted to do so.
<< That being the case I'm inclined to think anyone who would be running php locally could also run Java if they wanted to do so. >>
This is not at all the case. For example, a friend of mine purchased his domain and web hosting through a single provider. That provider uses servers that support Perl and PHP, but not Java.
From what I've seen, this is common among web hosting providers. Java is generally only used on dedicated servers for enterprise-level applications by people who have full control over their servers. PHP and Perl are more common among hosting providers for the "common people." I don't know the reason for this, because the way I see it, supporting Java is just as easy as supporting either PHP or Perl. That's just the way it is.
:-) I am guilty of having most of my experience in a situation where I have complete control of the server so I was not thinking of what commercial and/or low budget web hosting offered. My point, about the KOL password having to pass through an intermediate party remains. Indeed, my paranoia increases in this case because I don't control the server. Perhaps that is because I still bear the scars from the time a poor web implementation allowed username and password to appear in the web server log as plain text :-(