You're right about security holes or issues, but what I mean is: the web client
is just sending JSON commands to a local host that operates locally; the
operations are not on the internet. I mean it will be like sending remote
commands to a local Fossil CLI, something like that, but using HTTP as the
protocol together with JSON to send the commands, that will go on the internet.
I don't know if Fossil uses SSL or HTTPS (I guess yes), and with that I don't
see a problem sending a JSON command on the internet. All the operations will be
local because they will be made by the Fossil web server activated locally by
each user, and JavaScript again is running on the client side... Of course, if
you don't use SSL or HTTPS the JavaScript could be viewed by a sniffer, but the
actual JSON API to just query or ask for dir or other commands can also be
viewed without using SSL or HTTPS.

So I will study JSON and CSON in the source code to make some proof of concept,
and I will share results as soon as I understand the code and can hack examples.

Regards.
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users