[x3d-public] ... cross-origin scripting errors
Andreas Plesch
andreasplesch at gmail.com
Wed Apr 13 12:22:38 PDT 2016
Leonard,
> > (x3dom) ... suggests to uses the http server which comes with python:
> >
> > http://doc.x3dom.org/gettingStarted/pythonSimpleHTTP/index.html
> >
> > Running a http server (but web browser ?) may be considered a security
> > hole if outgoing traffic somehow was not considered in security design.
>
> Please expand on this. Do you mean the simple python server, a
> full-blown server on local (e.g., Apache), web server on the LAN, or an
> external web server? There are different security issues in each
> configuration and the risk goes from minimal to significant.
>
>
I was trying to make sense of Don's comment on security holes. The simple
python server may not be that different from Apache in a security sense. As
you say it is all in the configuration and network setup.
..
> It may be possible to package a small local web server, webkit with js
> > engine, and javascript app (cobweb) into a standalone application with
> > a custom UI which can open local files. But it would be a development
> > effort and the resulting application may be a larger security risk
> > than a standard web browser although it would not look like one.
>
> No, please don't (for anyone here). Too much effort has already gone
> into the development of web servers, browsers, JS engines, etc. to
> justify doing this.
>
>
yep, my point. But I think this is what Don may have looked for.
Andreas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20160413/30fd18e6/attachment.html>
More information about the x3d-public
mailing list