DOJO and Security

Chris Boldon
Ranch Hand

Joined: Aug 10, 2006
Posts: 190
What is your preferred method of implementing security (authentication/authorization) with a sovereign DOJO application?

Does your book contain any best practice examples of this?
Frank Zammetti
Ranch Hand

Joined: Dec 16, 2004
Posts: 136
No, the book doesn't discuss that at all because I'm not sure what the use case would be. Well, I take that back, I can think of some situations... a sovereign webapp run in a library for example, you might want to have the concept of users that maybe store settings in Gears or something like that.

That being said, I think that's maybe a bit of an unusual use case... I think typically you tend to assume that a sovereign webapp is run by one user, since it's on their machine. Think of it like MS Word or something... you don't have to log in to use it, even though you may have some user-specific settings (initials for example).

Then again, a counter-example would be Firefox, where you have profiles. But even in that case there's nothing like authentication or logging in, there's simply switching profiles.

I haven't done much thinking about this I'll admit, so I'm just kind of throwing out some ideas here. But the answer to your question in any case is no, this isn't discussed in the book at all and I don't at present have any preferred method to do this.


--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM/Yahoo: fzammetti
MSN: fzammetti@hotmail.com
Author of "Practical Ajax Projects With Java Technology" (2006, Apress, ISBN 1-59059-695-1)
and "JavaScript, DOM Scripting and Ajax Projects" (2007, Apress, ISBN 1-59059-816-4)
Java Web Parts - http://javawebparts.sourceforge.net
Supplying the wheel, so you don't have to reinvent it!
Chris Boldon
Ranch Hand

Joined: Aug 10, 2006
Posts: 190
Thanks Frank. It is a rather interesting case, which is why I bring it up. It is one of those things I'd like to see presented, and see how someone else addresses the issue.

In any event, I look forward to taking a look at your book.
Frank Zammetti
Ranch Hand

Joined: Dec 16, 2004
Posts: 136
Yeah, I'm with you, it's something I'd like to hear about too. I suspect there's probably only a limited set of cases where it would come into play, but they are interesting cases and worth discussing.

I suppose the way you could tackle it is that every time a user "registers", the app creates a separate Gears database for them, with the password stored in it in an encrypted form. This is in no way, shape or form 100% secure, but it's probably good enough for many situations. That way, the data is segregated and should, to a first approximation, be somewhat safe from others. Of course, you can just hack the SQLite database files, but like I said, to a first approximation that might be an acceptable risk.

I think I remember seeing Dojo including some encryption support on top of Gears, but I'm not sure of the status of that, how robust it is, or how far along it is. That could be another good, helpful piece of the puzzle.
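
One way to realize the per-user store sketched in the last post, as an added example that is not part of the original thread or of Dojo/Gears. Assumptions: an in-memory Map stands in for the per-user Gears databases, a salted PBKDF2 verifier takes the place of "password stored in an encrypted form", settings are encrypted with a key derived from the same password so that reading the raw store does not reveal them, all function names are hypothetical, and it runs under Node.js.

```javascript
// Added example: function names and the Map-based store are hypothetical.
const nodeCrypto = require("node:crypto");

// Stand-in for "one local database per registered user" (Gears in the thread).
const stores = new Map();

// Derive 64 bytes from the password: the first half is the stored login
// verifier, the second half is an AES-256 key that is never written to the store.
function derive(password, salt) {
  const out = nodeCrypto.pbkdf2Sync(password, salt, 210000, 64, "sha512");
  return { verifier: out.subarray(0, 32), key: out.subarray(32) };
}

function register(user, password) {
  if (stores.has(user)) throw new Error("user exists");
  const salt = nodeCrypto.randomBytes(16); // unique per user
  const { verifier } = derive(password, salt);
  stores.set(user, { salt, verifier, settings: null });
}

// Returns the data key on success, null on unknown user or wrong password.
function login(user, password) {
  const store = stores.get(user);
  if (!store) return null;
  const { verifier, key } = derive(password, store.salt);
  return nodeCrypto.timingSafeEqual(verifier, store.verifier) ? key : null;
}

// Settings are stored only as AES-256-GCM ciphertext plus IV and auth tag.
function saveSettings(user, key, settings) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const data = Buffer.concat([c.update(JSON.stringify(settings), "utf8"), c.final()]);
  stores.get(user).settings = { iv, data, tag: c.getAuthTag() };
}

// Throws if the key is wrong or the stored ciphertext was modified.
function loadSettings(user, key) {
  const { iv, data, tag } = stores.get(user).settings;
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return JSON.parse(Buffer.concat([d.update(data), d.final()]).toString("utf8"));
}
```

Someone who copies the raw store can still guess passwords offline against the verifier; the iteration count only raises the cost of each guess.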
 
 