Icon View Thread

The following is the text of the current message along with any replies.
Messages 11 to 19 of 19 total
Thread First CD Collector Database Application Demo
Sun, Jan 29 2012 6:47 PMPermanent Link

Fernando Dias

Team Elevate Team Elevate

Raul

Yeah, you are right, It must be that.
There was a post referencing that problem some time ago, but I pay attention at that time.
I'll have to do some reading about these things, my knowledge about web technologies and web development is near to zero Smiley

--
Fernando Dias
[Team Elevate]
Sun, Jan 29 2012 7:06 PMPermanent Link

Jan Ferguson

Data Software Solutions, Inc.

Team Elevate Team Elevate

I also think you are correct. I forgot about that as well. That would
explain why I can reach it on my development machine but not via my web
server.

I'm with Fernando in that I still have a lot to learn about web
technologies and development.

Thanks for the information Raul.

--
Jan


Raul wrote:

> I'm thinking it's the JS same origin policy issue - your web server
> serves the JS files which then attempt to access elevate web site
> which would not be permitted.
>
> Raul
Sun, Jan 29 2012 9:17 PMPermanent Link

Raul

Team Elevate Team Elevate


We're all in the same boat - most of my web stuff has been server-side with some js sprinkled in for presentation side so it'll be a JS learning curve also (hopefully just some concepts since ewb will generate most of the JSSmile

In this case it's a very straightforward case of cross-domain-scripting. We happen to know the request is safe in a sense of accessing some sample data but in reality allowing something like this would open up all kinds of vulnerabilities.
Assuming this is allowed i could write a ewb app that accesses the user profile page instead (http://www.elevatesoft.com/user?action=view) and then parse out the login username and password and maybe your order history. Then all i need is another web request and post info to my server and have all the passwords. Similarly if one remains logged in to gmail or yahoom ail again malicious app could parse out your phonebook etc.

Raul

<<
I'll have to do some reading about these things, my knowledge about web technologies and web development is near to zero Smiley
>>
Mon, Jan 30 2012 4:48 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Jan,

<< I compiled the CD Collector project and made the change to the code that
Fernando stated in his post in this thread. However when I run the project
on my server I get an error: >>

You may not be able to run the project in the IDE due to cross-domain
restrictions.  You'll basically be trying to load data from
www.elevatesoft.com while using localhost for the rest.

I've posted a test web server that you can use for running the sample
application here in this newsgroup.

--
Tim Young
Elevate Software
www.elevatesoft.com
Mon, Jan 30 2012 4:48 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Fernando,

<< Now, what's in the server side? Where is the data coming from? >>

Duh, I forgot the most important part.  I've posted a web server that you
can use to serve up DBISAM tables.

--
Tim Young
Elevate Software
www.elevatesoft.com
Tue, Jan 31 2012 4:53 PMPermanent Link

Jan Ferguson

Data Software Solutions, Inc.

Team Elevate Team Elevate

Thanks Tim. The funny part was that I *could* run the project in the
IDE and it ran with data. It was when I put the project on my internet
server that no data came up. I do understand that it is due to
cross-domain restrictions.

I will look at the test web server as well.

--
Jan


Tim Young [Elevate Software] wrote:

> You may not be able to run the project in the IDE due to cross-domain
> restrictions.  You'll basically be trying to load data from
> www.elevatesoft.com while using localhost for the rest.
Fri, Feb 3 2012 3:31 AMPermanent Link

Richard

ENT Technologies

"Tim Young [Elevate Software]" wrote:
>>
>>I finally have the first CD Collector demonstration application up on the
>>web site here:
>>
>>http://www.elevatesoft.com/cdcollector/cdcollector.html

Hey, have you been in my house looking through my CD collection?....

That looks outstanding. I could never make it look that good, even with JQuery UI.

Can we see the server side code, if there is any?
Fri, Feb 3 2012 4:14 AMPermanent Link

Roy Lambert

NLH Associates

Team Elevate Team Elevate

Richard


Have a look in the demos ng

Roy Lambert
Fri, Feb 3 2012 7:58 AMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Richard,

<< Hey, have you been in my house looking through my CD collection?.... >>

Don't tell Roy, he thinks that my taste in music is horrible. Wink

<< That looks outstanding. I could never make it look that good, even with
JQuery UI. >>

Thanks.

<< Can we see the server side code, if there is any? >>

There's a test web server with the Delphi code used to serve up the JSON.
It's pretty simple stuff, and should be easily portable to any other
language.

--
Tim Young
Elevate Software
www.elevatesoft.com
« Previous PagePage 2 of 2
Jump to Page:  1 2
Image