couchdb-user mailing list archives

From "Chris Anderson" <jch...@apache.org>
Subject Re: action servers
Date Tue, 11 Nov 2008 05:22:51 GMT
On Mon, Nov 10, 2008 at 8:16 PM, Dean Landolt <dean@deanlandolt.com> wrote:
> Are there any other security concerns in that light?
> I've left my instance wide for a few friends to play with -- perhaps I
> should have asked this earlier.

All I can think of is that we're only as safe as the couchjs sandbox.
Which is probably safe, but you can send arbitrary http requests with
action servers (and even from views if you are psycho) so there's
always the danger of abuse from people who can edit design docs.


> But yeah, if I squash the unobtrusive thing I'll probably only
> need an action for periodic feed updates

As long as you don't care about Google or people who haven't updated
their browser in 3 years, there's no reason to be creating dynamic
html.

> I already tried it -- I couldn't help myself. An hour ago all I got was a
> black screen -- now I see some action down below (other than the tweet form
> everything gets cut off on Firefox Ubuntu Hardy).

Yeah that's a not very fun failure mode. I should at least put up a
"you're not alone" screen for when that happens. I'm still not sure of
the cause of it. The Twitter API is a little flaky, so who knows what
role it plays here.


-- 
Chris Anderson
http://jchris.mfdz.com
