[Laszlo-dev] proposal for API extension to dataset for explicit proxy server host
P T Withington
ptw at openlaszlo.org
Fri Jul 13 10:26:17 PDT 2007
On 2007-07-13, at 13:21 EDT, Henry Minsky wrote:
> On 7/13/07, P T Withington <ptw at openlaszlo.org> wrote:
>>
>> So the src attribute would still be the real source of the data?
>>
>> Presumably the proxy needs to vet the requestee and the source being
>> requested so that it does not act as an 'open relay'?
>
>
>
> There's no really good way I can think of to do that, given that
> the app
> source is readable to a pretty casual observer. Put the proxy should
> probably
> have a default of "closed", and only speak to specific 3rd party
> hosts as
> configured in a config file.
Right, that is all I am saying. The proxy needs a whitelist
mechanism (whether we build it or you acquire one). I believe our
tomcat-based proxy already has this?
More information about the Laszlo-dev
mailing list