Using python from a browser/security hole

Philippe C. Martin philippecmartin at sbcglobal.net
Fri Apr 15 10:18:54 EDT 2005


Thanks Jim,

From all I hear, it looks like the client authentication will have to be made
"on the side of the browser", between the server and a specific program 
running on the client. Not as nice but ....

Regards,

Philippe




On Friday 15 April 2005 08:52 am, James Carroll wrote:
> I don't think Jython will help much here... you would have to embed
> jython in your applet which makes it big, which makes it take longer
> to download... (or you could install it ahead of time on each client.)
>
> I asked my friend who did some smartcard authentication at a previous
> job... and in his case the card had an LCD readout that gave a
> different key every minute, and the user had to look at that number,
> and type it in for access.   To automate this, with a card reader,
> there could be a (barcode-scanner-like) app on each client that would
> emulate typing on the keyboard when the card was read.  The user would
> have to click on a text field, then scan their card and the number
> would show up automatically.  One step further... some javascript
> could possibly get the keyboard events as long as the page had input
> focus, and if it sees a smart-card key like sequence of keystrokes,
> then submit a form from a hidden IFrame....
>
> So, short of writing your own plug-in extension for each different
> browser, I'm not sure you're going to be able to access the client
> hardware from a client-side web page.  Either way (plug-in or java
> applet with privileges) your user will have to agree to give access to
> the hardware.
>
> -Jim
>
> On 4/15/05, Philippe C. Martin <philippe at philippecmartin.com> wrote:
> > Neil,
> >
> > Would Jpython let me do that ?
> > Would java let me call an external Python script - which in turn would
> > access my device ?
> >
> > Thanks
> >
> > Philippe
> >
> > Neil Hodgson wrote:
> > > Philippe:
> > >> Since I need to access a local/client device from the page and
> > >> that I wish to be cross-platform; does that mean Java is my only
> > >> way out ?
> > >
> > >    Java is designed to be safe and not allow access to client devices.
> > > There is a mechanism where you can attempt to ask for permission from
> > > Java but it looked complex to me and I doubt many browsers will
> > > cooperate. They have often locked security down to prevent this sort of
> > > access.
> > >
> > >    Neil
> >
> > --
> > http://mail.python.org/mailman/listinfo/python-list

-- 
*************************************
Philippe C. Martin
SnakeCard, LLC
www.snakecard.com
+1 405 694 8098
*************************************


