Cross-domain resource access (for Java files)

A

Andrew Thompson

I am in the process of developing an applet for marking-up
Java source (HTML style) for presentation, and am using
some source both on my domain(1), as well as Knute's
rabbitbrush.frazmtn domain(2), as examples.

(1)
<http://pscode.org/fmt/sbx.html?url=http://pscode.org/jh/
HelpSetter.java>
(2)
<http://pscode.org/fmt/?url=http://rabbitbrush.frazmtn.com/Pong2.java>

The point of linking to the two sites is to highlight the
security constraints. The applet for my own site is sandboxed,
but to access source from Knute's site, the end user needs to
accept the fully trusted version of the applet.

I like this scheme because the user does not even get to
'off site' source before a lot of bells and whistles, so
it helps (in some obtuse way) to highlight that something
unusual is happening.

Of course, foreign servers may simply refuse connections to
Java applications in total, and I would like to leave that
option open to them (so my apps. will not fib about what
they are).

As well, in order to give 'credit where it is due', the
applet makes a point of adding a bar on the bottom that
offers a button that links /directly/ to the (Java)
source document, and adds the message 'ClassName.java
source courtesy of the.other.domain'.

In my discussions of potential source at Knute's site for
test documents, he suggested that perhaps I could use a
proxy server to get the source into my site in the sandboxed
applet.

That is a good idea, but I am worried that is getting too
close to resource theft, or the perception of that.

What do folks around here, think?

Recommendations on ways forward:
- Leave the applet as is - it is just one more click to
get to source from another site.
- Implement a proxy server, have it identify itself
as java might, and accept any refusals gracefully.
- Implement a proxy server, have it identify itself
as WTH it would normally identify itself, and accept
any refusals gracefully.

Acknowledgment:
- Beef up the acknowledgment of source from a different
host by (ideas) moving the info. bar to the top, or
popping a JOptionPane at start-up.
- Stop stressing about it - the current detail is good
enough for Java programmers.
 
A

Andrew Thompson

In my discussions of potential source at Knute's site for
test documents, he suggested that perhaps I could use a
proxy server to get the source into my site in the sandboxed
applet.

And now I really think about it, Knute might just
have meant a proxy for *his* site, since we have a
pre-existing arrangement of linking to some of those
resources.

On the other hand, the applet will be configurable
by URL*, so I need to think on a wider scale.

* And I do not want to have to maintain a list of
'buy in' domains, better to let the site refuse at
the instant.

Oh, and bug reports etc. are welcome, but I doubt
that the document parsing ability will ever be
flawless.
 
K

Knute Johnson

Andrew said:
And now I really think about it, Knute might just
have meant a proxy for *his* site, since we have a
pre-existing arrangement of linking to some of those
resources.

No I meant to have at your site so that the applet you served up could
get the source code page from there rather than having to get it from
the actual site. This would save your applet from having to ask for
permission. I don't know about you but I rarely look at signed applets
unless I know where they are coming from.
On the other hand, the applet will be configurable
by URL*, so I need to think on a wider scale.

And instead of proxying(sp) any page, maybe just the links in the applet
can talk to the proxy? It might be handy to get at any page though.
* And I do not want to have to maintain a list of
'buy in' domains, better to let the site refuse at
the instant.

I think so too.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top