On Apr 26, 11:25 pm, Patrick Maupin <pmau...@gmail.com> wrote:
> On Apr 26, 4:12 pm, lkcl <luke.leigh...@googlemail.com> wrote:
>
> > and, given that you can use AJAX (e.g. JSONRPC) to communicate with a
> > server-side component, installed on 127.0.0.1 and effectively do the
> > exact same thing, nobody bothers.
>
> I suppose, but again, that pushes off the security thing. There are a
> lot of obvious ways to make unintended security holes in a 127.0.0.1
> application,

not to an experienced web developer. by starting the browser at a URL
which can only be used once, you can effectively do the same trick that
X-Server X-Auth "magic cookies" does.

> so I'm sure there are also a lot of ways that would be
> unobvious to this security non-expert. And, of course, the real
> dealbreaker is, it still requires a separate install.

not necessarily. luis pamirez created pygtkweb (a reimplementation of
gtk widgets, to be compiled to javascript, to run in a web browser) and
he created it as a stand-alone app that 1) fired off a web browser
2) ran a small cgi-bin-esque web service 3) served static (pre-compiled)
pages 4) served AJAX to the compiled app.

with pyjd, that "step 1" can be bypassed or more specifically step 1 and
2 can be combined into the _one_ python app (two threads / processes);
you effectively combine the "start the window with the browser engine in
it" step with the "start a mini web server" step.

so it can be done: it's just not "immediately obvious".

l.
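The one-time launch URL mentioned in the reply above, sketched as an added example that is not part of the original post and is not pygtkweb or pyjd code. The names `OneTimeGate`, `/start`, `/rpc`, the `t` query parameter and the `sid` cookie are assumptions made for illustration.

```python
import hmac, http.client, secrets, threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

class OneTimeGate:  # launch token works once, then is swapped for a session cookie
    def __init__(self):
        self.launch_token, self.session = secrets.token_urlsafe(32), None  # token goes in the URL
    def redeem(self, token):
        live = self.launch_token
        if live is None or not hmac.compare_digest(token.encode(), live.encode()):
            return None
        self.launch_token, self.session = None, secrets.token_urlsafe(32)  # burn token, mint session
        return self.session
    def has_session(self, cookie_header):
        sid = SimpleCookie(cookie_header or "").get("sid")
        return bool(sid and self.session) and hmac.compare_digest(
            sid.value.encode(), self.session.encode())

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        gate, url, sid = self.server.gate, urlparse(self.path), None
        if url.path == "/start":  # hypothetical launch path, opened once by the browser
            sid = gate.redeem(parse_qs(url.query).get("t", [""])[0])
        # everything else (static pages, AJAX) needs the cookie set by the launch request
        ok = sid is not None or gate.has_session(self.headers.get("Cookie"))
        self.send_response(200 if ok else 403)
        if sid:
            self.send_header("Set-Cookie", f"sid={sid}; HttpOnly; SameSite=Strict; Path=/")
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(port, path, cookie=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Cookie": cookie} if cookie else {})
    resp = conn.getresponse()
    conn.close()
    return resp.status, resp.getheader("Set-Cookie")

def demo():
    srv = HTTPServer(("127.0.0.1", 0), Handler)  # loopback only, OS-chosen port
    srv.gate = OneTimeGate()
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    port, launch = srv.server_port, "/start?t=" + srv.gate.launch_token
    first, set_cookie = fetch(port, launch)
    tries = ((launch, None), ("/rpc", None), ("/rpc", set_cookie.split(";")[0]))
    codes = [first] + [fetch(port, p, c)[0] for p, c in tries]
    srv.shutdown()
    srv.server_close()
    return codes
```

`demo()` returns the status codes for the first launch, a replay of the same launch URL, an AJAX call without the cookie, and an AJAX call with it.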