Re: Who knows ANYTHING about broadway / HTML5 backend?



On Thu, 2014-01-23 at 08:55 +0100, Tarnyko wrote:
Hi Daniel, 

I guess that if I wanted it to work in its current state, I would have a CGI 
(or other) app handling authentication, and if successful spawning the GTK+ 
application on a new IP port and redirecting the user to this port. 

Subsequent connections to this IP port should be protected by some web 
server magic (reading a password database). 

But I agree that it would be nice if such a feature was supported 
out-of-the-box.

I've done a lot of reading on this subject in the last few weeks
(being that I don't exactly have a web background), it would seem
that such an out-of-the-box solution would be unrealistic - given
the stateless nature of HTTP and the ever-evolving state of the
art in web security and authentication (you have various forms
of authentication with various tradeoffs you would make for different
types of web sites/services).

But I would be really interested in understanding how this backend
works, perhaps one could run the web server with libsoup and perform
authentication there, passing a session identifier directly to the
broadway backend - routing all traffic relevant to that given session
to the appropriate application UI instance (perhaps one
GtkApplicationWindow could be used for each active session ?
and a special GtkWindow could be used for any unauthenticated user,
just to display a splash / login page ?).

Somehow I think using a separate port for each active session is
unrealistic (what if you have many active sessions, can you really
just allocate that many ports ?).

Anyway, I'm no expert in web/http but learning about it, and would
be really interested in a solution for this as well... perhaps I will
dig into this in the coming months.

Cheers,
    -Tristan


Regards,
Tarnyko 

Daniel Kasak writes: 

Fair enough. Good to see someone answer ;) The other question I posted to
an app-devel list or something like that. I can deal with not being able to
resize / maximise for now. What I'm not clear on is security. The way I
assumed it would work was this: 

- I write a simple login page that checks credentials in a DB
- If login is successful, an authentication key is generated, an instance
of broadwayd is spawned on a new port, an instance of the app is spawned,
and pointed ( somehow ) at the correct instance of broadwayd, and the key
and port are returned to the client's browser 

What happens from here on is less clear. The browser would have to keep
passing this key back to broadwayd or the app? Can we use https or tunnel
through ssh? Is anything like this implemented already? 

From what I've seen with my limited testing, the default setup basically
allows anyone to hit the IP / port that broadway is running on, and take
over control of the app. 

Any thoughts? 

Dan 


On Thu, Jan 23, 2014 at 11:07 AM, Jasper St. Pierre
<jstpierre mecheye net> wrote: 

Hi Daniel, 

I can only find one email to this list about this, which is about
maximizing windows on Broadway. I'm sorry I didn't reply, but I was busy
that day. I do remember investigating the question before getting poked to
do something else instead. 

Broadway is indeed not "officially" supported, in that it's not ready for
production. 


On Wed, Jan 22, 2014 at 6:55 PM, Daniel Kasak <d j kasak dk gmail com> wrote: 

Hi all. Unfortunately, my last couple of posts to various gtk lists on
this topic have had ZERO replies :( 

This is giving me the impression that broadway is not officially
supported, and possibly developed and maintained by a single person. Is
this the case? Does anyone know who I'd contact who does know about
broadway status? 

Dan 

_______________________________________________
gtk-list mailing list
gtk-list gnome org
https://mail.gnome.org/mailman/listinfo/gtk-list 




--
  Jasper 
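
The session-routing idea raised in this thread (authenticate once, then route each request by an opaque session identifier to a per-session UI instance, with a login splash for everyone else), as an added example that is not part of the original messages and is not Broadway's or GTK+'s code. `SessionRouter`, `LOGIN_INSTANCE`, the `window-...` instance names and the 15-minute idle timeout are all hypothetical.

```python
import hashlib
import secrets
import time

LOGIN_INSTANCE = "login-splash"  # hypothetical name for the unauthenticated UI
SESSION_TTL = 900                # assumed idle timeout, in seconds


class SessionRouter:
    """Maps opaque session tokens to per-session UI instances on one port."""

    def __init__(self, ttl=SESSION_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}  # sha256(token) -> (instance id, expiry time)

    @staticmethod
    def _key(token):
        # Keep only a digest, so a dump of the table yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, password, check_credentials):
        """Issue a token only after the caller-supplied credential check passes."""
        if not check_credentials(user, password):
            return None
        token = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
        instance = f"window-{secrets.token_hex(4)}"  # stands in for one app window
        self._sessions[self._key(token)] = (instance, self._clock() + self._ttl)
        return token

    def route(self, token):
        """Return the UI instance for a request, or the login splash."""
        key = self._key(token) if token else None
        entry = self._sessions.get(key)
        if entry is None:
            return LOGIN_INSTANCE  # missing, guessed or revoked token
        instance, expiry = entry
        if self._clock() >= expiry:
            del self._sessions[key]  # idle too long: force a fresh login
            return LOGIN_INSTANCE
        self._sessions[key] = (instance, self._clock() + self._ttl)
        return instance

    def logout(self, token):
        """Revoke a session so the token stops routing anywhere."""
        self._sessions.pop(self._key(token), None)
```

The token is a bearer credential, so this only helps if it travels over HTTPS, for example in a `Secure; HttpOnly` cookie.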
