<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Andreas,<br>
<br>
</div>
<blockquote
cite="mid:CAKdk67s4DCpGcLoooh=y5QwOMcTBSfX+vQ+nhAARDijF-W47rA@mail.gmail.com"
type="cite">
<div dir="ltr">Leonard,<br>
<br>
<div>
<div class="gmail_extra">
<div class="gmail_quote">
<div> <br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
> (x3dom) ... suggests to uses the http server which
comes with python:<br>
><br>
> <a moz-do-not-send="true"
href="http://doc.x3dom.org/gettingStarted/pythonSimpleHTTP/index.html"
rel="noreferrer" target="_blank">http://doc.x3dom.org/gettingStarted/pythonSimpleHTTP/index.html</a><br>
><br>
> Running a http server (but web browser ?) may be
considered a security<br>
> hole if outgoing traffic somehow was not considered
in security design.<br>
<br>
Please expand on this. Do you mean the simple python
server, a<br>
full-blown server on local (e.g., Apache), web server on
the LAN, or an<br>
external web server? There are different security issues
in each<br>
configuration and the risk goes from minimal to
significant.<br>
<br>
</blockquote>
<div><br>
</div>
<div>I was trying to make sense of Don's comment on
security holes. The simple python server may not be that
different from Apache in a security sense. As you say it
is all in the configuration and network setup.<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
Python's SimpleHTTPServer class is not fully functional. It only
supports GET and HEAD and only files in the current working
directory (when started) and below. It does not support POST, PUT.<br>
<br>
There also appears to be no support for domain names. Everything is
referenced by localhost. It is also not meant to stay running. All
that being said; it still should be run on a port (D=8000) that is
blocked by a firewall either on the local computer or within the
[sub-]network.<br>
<br>
Many websites use URL rewriting to change from a "nice" format to
something easier for software to parse. the Python server does not
have that capability. It is a real simple get exactly what you
request.<br>
<br>
<br>
General rules:<br>
1) Start it up only when necessary<br>
2) Start it up in the lowest directory that provides access to all
needed resources<br>
3) Start it up on a port that is blocked by a firewall (8000 usually
is)<br>
4) Terminate when work is done<br>
<br>
<br>
<blockquote
cite="mid:CAKdk67s4DCpGcLoooh=y5QwOMcTBSfX+vQ+nhAARDijF-W47rA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div class="gmail_extra">
<div class="gmail_quote">..<br>
<br>
> It may be possible to package a small local web
server, webkit with js<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
> engine, and javascript app (cobweb) into a
standalone application with<br>
> a custom UI which can open local files. But it
would be a development<br>
> effort and the resulting application may be a
larger security risk<br>
> than a standard web browser although it would not
look like one.<br>
<br>
No, please don't (for anyone here). Too much effort has
already gone<br>
into the development of web servers, browsers, JS
engines, etc. to<br>
justify doing this.<br>
<br>
</blockquote>
<div><br>
</div>
<div>yep, my point. But I think this is what Don may have
looked for.<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
I suspected you were not going to code one, but I also wanted to
discourage anyone else from doing it either.<br>
<br>
<br>
Leonard Daly<br>
<br>
<br>
<br>
<br>
<blockquote
cite="mid:CAKdk67s4DCpGcLoooh=y5QwOMcTBSfX+vQ+nhAARDijF-W47rA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div class="gmail_extra">
<div class="gmail_quote">
<div><br>
</div>
<div>Andreas<br>
</div>
<div> </div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
x3d-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:x3d-public@web3d.org">x3d-public@web3d.org</a>
<a class="moz-txt-link-freetext" href="http://web3d.org/mailman/listinfo/x3d-public_web3d.org">http://web3d.org/mailman/listinfo/x3d-public_web3d.org</a>
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<font class="tahoma,arial,helvetica san serif" color="#333366">
<font size="+1"><b>Leonard Daly</b></font><br>
3D Systems & Cloud Consultant<br>
X3D Co-Chair on Sabbatical<br>
LA ACM SIGGRAPH Chair<br>
President, Daly Realism - <i>Creating the Future</i>
</font></div>
</body>
</html>