Re: AppleScript & HTML Again...
Re: AppleScript & HTML Again...
- Subject: Re: AppleScript & HTML Again...
- From: "John C. Welch" <email@hidden>
- Date: Thu, 25 Mar 2004 13:58:30 -0600
On 3/25/04 1:14 PM, "Roger Howard" <email@hidden> wrote:
>
With all due respect, and with a nod towards the limitations of Web
>
browsers as application environments, there are considerable reasons
>
why browsers are used to access (not host) applications - namely, about
>
the only cross-platform, network-based application toolkit.
That's only worthwhile if the application in question needs to run zero code
on the client, or is 100% pure, tested, cross platform Java.
>
>
If someone wants to write some backend code in AppleScript, and then
>
provide access to that code to users on a variety of platforms, a
>
Web-based UI is one of the only (or at least most common) ways. It's no
>
replacement for full-fledged desktop applications, but they often serve
>
very different purposes. Really, this argument would sound really silly
>
if you were advocating a Cocoa UI for Yahoo - Yahoo is best served by
>
browser-based UIs, even with all of their limitations.
Yahoo is designed from the ground up for web browsers, so of course a web
browser works as s front end there.. You can also write Java front ends that
will run cross platform. A web browser is only good in a limited set of
circumstances, most of them having to do with state.
>
>
I see this as a good addition to AppleScript - like any language, it
>
can be useful for more than just desktop applications... having
>
essentially a CGI bridge to AS could be highly useful to some, where a
>
solution like PHP won't necessarily solve the same problems (without
>
bridging PHP to AppleEvents at least, or more commonly Python).
The problem comes down to security. How do you use SSL or Kerberos with
AppleScript?
>
>
As others have pointed out, the security question is (or may be) a red
>
herring... as long as measures are taken to provide for authentication,
>
as long as the scripts are run at the right user level, as long as
>
there are safeguards to prevent arbitrary injection of code from
>
non-authenticated users, how is this any more dangerous, different, or
>
even scary as having PHP, perl, etc, on the same box.. every one of
>
those tools could potentially do malicious things, and as always its up
>
to implementors (and the original developers to some extent) to help
>
make sure that doesn't happen.
Because I can use the security in Apache, and tools like SSL, Kerberos,
cgiwrap and suexec, and a host of other tested security implementations that
don't exist in AppleScript. I'm unaware of Kerberized AppleScript, or
SSL-Aware AppleScript. How do you link authentication in an AppleScript
application to a KDC, or Active Directory setup? How do you use personal
certs to ensure that only those folks who are authorized can get to the
data?
Security is ALWAYS a concern in a networked enviroment.
john
--
"Anyone can just go in there and kill someone, but you can't get information
from a corpse."
- SEAL motto
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.