[Tickets #2565] Re: Gecko Bookmarks extension
bugs at bugs.horde.org
bugs at bugs.horde.org
Sat May 26 17:18:44 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=2565
-----------------------------------------------------------------------
Ticket | 2565
Updated By | joey at joeyhewitt.com
Summary | Gecko Bookmarks extension
Queue | Trean
Type | Enhancement
State | Feedback
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
joey at joeyhewitt.com (2007-05-26 10:18) wrote:
>> As for security, I think the point is moot, now that the only way
>> anything useful can be retrieved is with a POST, and nobody should be
>> able to forge and read with POST, right?
>
> No, POSTs can be forged as well.
OK, can you think of a way I can transparently implement security? I only
know of putting something at the beginning of the JSON, so that we can
strip it off but nobody else can because they can't read it directly.
Unfortunately, I'm guessing this will break the JSON-RPC spec.
>
>> just like an XPI had been installed there. But if I understand what
>> you're saying, it would be neat. The XPI could be downloaded from
>> the Horde server, which would allow us to throw in some subtle
>> features like making the XPI's default server URL be the server
>> you're downloading from. (Perhaps that would not be desirable,
>> though.) Is that what you meant?
>
> Exactly. And I actually started working on this yesterday, maybe I
> can show something in the next few days.
OK, thanks!
More information about the bugs
mailing list