xmlrpccom-scriptserver Mailing List for PHP RPC
Brought to you by:
harryf,
simonwillison
Menu
▾
▴
xmlrpccom-scriptserver — ScriptServer Development
You can subscribe to this list here.
| 2004 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(8) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
|
From: Marvin E. <Sho...@gm...> - 2006-11-01 04:53:11
|
abysmal maryland Our attorneys have discovered a loop hole in the banking laws. motif. Using this discovery we have been successful at totally eliminating peoples CreditCardDebt with out them paying another dime. afoot. We GuaranteeThat we can do this for you. lumpur. http://0x59687015 nelson cornelius asphyxiate |
|
From: Harry F. <hf...@ph...> - 2004-10-25 20:39:41
|
> Did you end up selecting a new name yet for ScriptServer? Went for jpspan based on your idea. That means there's the hassle of movi= ng=20 coming up eventually - will be heading to=20 http://sourceforge.net/projects/jpspan |
|
From: Harry F. <hf...@ph...> - 2004-10-25 20:31:10
|
Hi Nomadeous,
Like the general idea - agree more control is required. Think I'll probab=
ly go=20
for something a little more externalized though like providing a placehol=
der=20
for a user defined object that does the filtering. Trying to avoid writin=
g=20
anything PHP5 specifc at the moment (the ErrorHandler being the exception=
).
Also, right now, I _think_ ScriptServer_Handle::examine() does what you w=
ant -=20
it should ignore methods beginning underscore and last time I looked=20
get_class_methods ignores private PHP5 methods. It also ignores the=20
constructor and should work with __construct as well.
Note there is a performance overhead with the ::examine() method if you d=
on't=20
provide an explicit description object yourself when you register a handl=
e,=20
because examine() will include the class file.
Harry
On Wednesday 20 October 2004 12:58, Nomadeous wrote:
> Hye Harry,
> Thinking about security issues with scriptserver, I have a proposition
> about the reflection process used in ScriptServer.
> More precisely, in the ScriptServer_Handle class (Handle.php) :
> in the examine method after getting all methods of the class, I
> propose to put a filter to let only public methods available in the JS
> Client Interface, :
> Considering the Reflection API in PHP 5
> and private methods in PHP 4 prefixed by the character _
>
> here is my patch
> Handle.php - line 122 :
> $methods =3D get_class_methods($Class);
> if ( is_null($methods) ) {
> return FALSE;
> }
> // Update Filter public methods
> if(class_exists('ReflectionMethod')) { // PHP 5
> $public_filter_func =3D
> create_function('$method_name','$reflect =3D new
> ReflectionMethod("'.$Class.'", $method_name); return
> ($reflect->isPublic());');
> }
> else { // PHP 4 (suppposed methods are prefixed by an underscor=
e :=20
> _ ) $public_filter_func =3D create_function('$v', 'return
> (!(substr($v,0,1) =3D=3D "_"));');
> }
> $methods =3D array_filter($methods,$public_filter_func);
> // Update end
> $methods =3D array_map('strtolower',$methods);
>
>
> Maybe, an implementation without create_function would be better.
> What do you think of ?
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IT Product Guide on ITManagersJourna=
l
> Use IT products in your business? Tell us what you think of them. Give =
us
> Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out =
more
> http://productguide.itmanagersjournal.com/guidepromo.tmpl
> _______________________________________________
> Xmlrpccom-scriptserver mailing list
> Xml...@li...
> https://lists.sourceforge.net/lists/listinfo/xmlrpccom-scriptserver
|
|
From: Jason S. <jas...@gm...> - 2004-10-21 05:20:26
|
Did you end up selecting a new name yet for ScriptServer? -- http://blog.casey-sweat.us/ |
|
From: Nomadeous <nom...@gm...> - 2004-10-20 12:59:03
|
Hye Harry,
Thinking about security issues with scriptserver, I have a proposition
about the reflection process used in ScriptServer.
More precisely, in the ScriptServer_Handle class (Handle.php) :
in the examine method after getting all methods of the class, I
propose to put a filter to let only public methods available in the JS
Client Interface, :
Considering the Reflection API in PHP 5
and private methods in PHP 4 prefixed by the character _
here is my patch
Handle.php - line 122 :
$methods = get_class_methods($Class);
if ( is_null($methods) ) {
return FALSE;
}
// Update Filter public methods
if(class_exists('ReflectionMethod')) { // PHP 5
$public_filter_func =
create_function('$method_name','$reflect = new
ReflectionMethod("'.$Class.'", $method_name); return
($reflect->isPublic());');
}
else { // PHP 4 (suppposed methods are prefixed by an underscore : _ )
$public_filter_func = create_function('$v', 'return
(!(substr($v,0,1) == "_"));');
}
$methods = array_filter($methods,$public_filter_func);
// Update end
$methods = array_map('strtolower',$methods);
Maybe, an implementation without create_function would be better.
What do you think of ?
|
|
From: Chris W. <chr...@gm...> - 2004-10-14 11:05:50
|
> Would be interested to hear about your Javascript library, BTW. Kind of > looking for a good set of tools on the client side. They're only in an early stage at the moment. The aim is to have a library of widgets and an application framework for creating rich client apps. I'm trying to move away from the traditional web application model of joining a together a collection of server-side scripts. Instead, load only one page that contains a collection of JS components and queries the server through a mechanism such as SS. All results and application functions will occur through manipulation of the DOM. Will let you know when there's something worthwhile to look at. Cheers, Chris |
|
From: Harry F. <hf...@ph...> - 2004-10-14 10:31:49
|
>> Would be interested to hear about your Javascript library, BTW. Kind of >> looking for a good set of tools on the client side. > They're only in an early stage at the moment. The aim is to have a > library of widgets and an application framework for creating rich > client apps. I'm trying to move away from the traditional web > application model of joining a together a collection of server-side > scripts. Instead, load only one page that contains a collection of JS > components and queries the server through a mechanism such as SS. All > results and application functions will occur through manipulation of > the DOM. One thought there. Don't know if you've looked at TiddlyWiki (http://www.tiddlywiki.org) but looking at the source, really find the helper functions for creating nodes useful but also flexible (e.g. createTiddlyElement() and createTiddlyButton()). Perhaps some inspiration there? > > Will let you know when there's something worthwhile to look at. > > Cheers, > Chris > |
|
From: Harry F. <hf...@ph...> - 2004-10-13 14:58:49
|
Hi Chris, Interesting ideas on the sessions integration. Give's me some food for thought. Right now I'm hoping to push that kind of problem to people using ScriptServer, rather than having it built in, essentially to keep ScriptServer as simple as possible. Where I could see this being really useful is as some kind of Javascript/PHP object synchronization, allowing the state of a Javascript application to be reloaded, object "backups" happening invisibly via async calls. Of course no ones really building that kind of APP with Javascript yet. Would be interested to hear about your Javascript library, BTW. Kind of looking for a good set of tools on the client side. Harry |
|
From: Chris W. <chr...@gm...> - 2004-10-13 06:49:54
|
Hi Harry (and any others). I'm really liking this ScriptServer interface.. I just finished implementing the same autocompletion (as in 0.3) last night but through my own JS Interface. It's a very powerful solution that you've chosen. Basically I see the solution to serialize php objects as a tradeoff between compatibility between languages and reducing the transfer overhead. And the ScriptServer solution is the correct one for myself (and i'm sure many other developers) You could use XML or similar to transfer between client and server, but that will just slow client response times that you want to be as fast as possible. If it came down to it a developer could write an implementation of ScriptServer in any other language if so desired. How are people going to integrate SS into the web application tiered structure? I am using SS to extend the client to request data from the business logic tier, rather than integrate SS directly into the bus. logic. This is important as client variables are passed to SS to communicate the context and adding support for such things into the business logic tier adds an extra layer of complexity. For example sending a var 'limitSize' that sets the maximum number of rows a queries should return. I may want to define that client side - so a call to databaseObject->execQuery() will need to also contain the variable 'limitSize'. For any other database calls I will need to send this same variable - much duplication and messy. Alternatively communicating the context of an object could be done transparently through PHP sessions. For example - consider a car object to be inserted into a database: var car = new car(); // a SS PHP object car.color = 'red'; // this will cause a xmlhttp request to the server .. on the server the variable is stored somewhere within the session identifying the object instance and variable data. This session data is also available transparently to the PHP object through a core SS object class that the car class in PHP extended. Now when I call: car.insert(); the server already knows that the color is red and will place that into the database. Without constant client->server communication this would only go one-way, client to server. As there is no response to be received it would only be small bits of data being sent as it is being entered. I think this would result in faster applications rather than slower ones provided async calls were used. Why faster? because I only have to call car.insert() rather than car.insert(color,age,model,make,owner) etc. etc. The total amount of data transmitted is reduced hence reducing the total response time. Keep up the great work on this project Harry. I'm hoping to get a series of demos up soon that combine SS with my own JS widget library. Will keep you posted. Cheers, Chris Were |
