Using python from a browser/security hole

James Carroll mrmaple at gmail.com
Fri Apr 15 09:52:41 EDT 2005


I don't think Jython will help much here... you would have to embed
Jython in your applet which makes it big, which makes it take longer
to download... (or you could install it ahead of time on each client.)

I asked my friend who did some smartcard authentication at a previous
job... and in his case the card had an LCD readout that gave a
different key every minute, and the user had to look at that number,
and type it in for access. To automate this, with a card reader,
there could be a (barcode-scanner-like) app on each client that would
emulate typing on the keyboard when the card was read. The user would
have to click on a text field, then scan their card and the number
would show up automatically. One step further... some JavaScript
could possibly get the keyboard events as long as the page had input
focus, and if it sees a smart-card-key-like sequence of keystrokes,
then submit a form from a hidden IFrame....

So, short of writing your own plug-in extension for each different
browser, I'm not sure you're going to be able to access the client
hardware from a client-side web page.  Either way (plug-in or Java
applet with privileges) your user will have to agree to give access to
the hardware.

-Jim

On 4/15/05, Philippe C. Martin <philippe at philippecmartin.com> wrote:
> Neil,
> 
> Would Jpython let me do that ?
> Would java let me call an external Python script - which in turn would
> access my device ?
> 
> Thanks
> 
> Philippe
> 
> 
> Neil Hodgson wrote:
> 
> > Philippe:
> >
> >> Since I need to access a local/client device from the page and
> >> that I wish to be cross-platform; does that mean Java is my only
> >> way out ?
> >
> >    Java is designed to be safe and not allow access to client devices.
> > There is a mechanism where you can attempt to ask for permission from
> > Java but it looked complex to me and I doubt many browsers will
> > cooperate. They have often locked security down to prevent this sort of
> > access.
> >
> >    Neil
> 
> --
> http://mail.python.org/mailman/listinfo/python-list
> 
>
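Added example, not part of the original thread: a sketch of the keystroke-watching idea from Jim's message, telling a reader's fast digit burst apart from hand typing by inter-key timing. The code length, the timing threshold, the form id `otp-form` and the field name `otp` are assumptions; any keystroke injector can imitate the burst, so the server still has to validate the submitted code.

```javascript
// Assumed values (not from the thread): 6-digit code, reader types with <= 30 ms gaps.
const CODE_LENGTH = 6;
const MAX_GAP_MS = 30;

// Returns a handler fed one key at a time; it yields the code when a fast
// digit burst of the right length is terminated by Enter, otherwise null.
function createWedgeDetector(codeLength = CODE_LENGTH, maxGapMs = MAX_GAP_MS) {
  let digits = '';
  let lastTime = null;
  return function onKey(key, timeMs) {
    const fast = lastTime !== null && timeMs - lastTime <= maxGapMs;
    lastTime = timeMs;
    if (key === 'Enter') {
      const code = fast && digits.length === codeLength ? digits : null;
      digits = '';
      return code;
    }
    if (!/^[0-9]$/.test(key)) { digits = ''; return null; } // non-digit breaks the burst
    digits = fast ? digits + key : key; // a slow gap starts a new candidate
    return null;
  };
}

// Runs the detector over a recorded list of {key, t} events.
function detectCode(events) {
  const onKey = createWedgeDetector();
  for (const e of events) {
    const code = onKey(e.key, e.t);
    if (code) return code;
  }
  return null;
}

// Constructed sample input: the same digits "typed" by a reader and by a person.
const mk = (gap) => [...'492013', 'Enter'].map((key, i) => ({ key, t: 1000 + i * gap }));
const scanned = mk(8);   // 8 ms between keys
const typed = mk(180);   // 180 ms between keys

// Browser wiring (skipped outside a browser); form id and field name are hypothetical.
if (typeof document !== 'undefined') {
  const onKey = createWedgeDetector();
  document.addEventListener('keydown', (ev) => {
    const code = onKey(ev.key, ev.timeStamp);
    const form = document.getElementById('otp-form');
    if (code && form) { form.elements.otp.value = code; form.submit(); }
  });
}
```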


