[OpenSocial] Re: javascript

alex k Tue, 20 Nov 2007 20:09:31 -0800
that's awesome

On Nov 20, 11:38 am, "Arne Roomann-Kurrik (Google)"
<[EMAIL PROTECTED]> wrote:
> We're working on mechanisms to allow OpenSocial to integrate better
> with third party servers.  A portion of this will be the Data API,
> which will let you make remote calls directly from your own server,
> allowing you to use PHP, Ruby, .NET, etc.
>
> The second portion of this involves passing OpenSocial data to a
> remote server in a manner like Kumar's yourscript.php?friend_id=1
> example.  However, this example has a security hole - you currently
> cannot verify that friend_id=1 is legit, and a malicious user could
> change the ID number being passed to impersonate another user.  We're
> bringing parameter signing into the OpenSocial spec that will allow a
> container verify that such parameters being passed are indeed
> legitimate.
>
> ~Arne
>
> On Nov 20, 11:24 am, "Kumar McMillan" <[EMAIL PROTECTED]>
> wrote:
>
> > On Nov 18, 2007 9:04 PM, alex k <[EMAIL PROTECTED]> wrote:
>
> > > Hi, I'm trying to figure out how to get around using javascript.  Does
> > > anyone know if the upcoming DATA API's will give us the ability to not
> > > use javascript?   I'm trying to use PHP or .NET on my own server.
>
> > sure, why not.  Just make a request to your script and have it return
> > JSON [1] or HTML [2].  If you return JSON then it would be more
> > flexible but you would have to write more javascript to parse it out.
> > If it was just HTML then I suppose you could simply assign the result
> > to a div and be done.  However, keep in mind your remote script won't
> > be able to work with the open social API beyond what you send it in
> > GET values (i.e. yourscript.php?friend_id=1) so you'll need to use
> > javascript for that.
>
> > [1]http://code.google.com/apis/gadgets/docs/remote-content.html#Fetch_JSON
> > [2]http://code.google.com/apis/gadgets/docs/remote-content.html#Fetch_text
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"OpenSocial API Definition" group.
To post to this group, send email to opensocial-api@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/opensocial-api?hl=en
-~----------~----~----~----~------~----~------~--~---
[OpenSocial] Re: javascript

Reply via email to
