Friday, May 19th, 2006

Eventsites: serverless web-development

Category: Articles, Showcase

Peter Nixey has developed a single-page Ajax application that stores nothing on the server side. Instead, it is a mashup that talks to external web services (Flickr, evdb, Google Maps).

Peter has written up a few articles to explain the application.

These articles cover details of the implementation and how he solved issues such as making XHR work cross-domain (in this case with a simple server proxy):

    <?php
    // The URL to fetch is taken directly from the query string, unvalidated
    $remoteURL = $_GET['url'];
    $fp = fopen($remoteURL, 'r');

    header('Content-type: text/xml');
    if ($fp) {
        // Stream the fetched content straight back to the browser
        fpassthru($fp);
    } else {
        // Could not open the URL: return a small XML error document
        echo
    '<?xml version="1.0" encoding="UTF-8"?>
    <root connection="false">
    <eventsites_message>
    Failed to connect
    </eventsites_message>
    </root>';
    }
    ?>

Event Sites

Posted by Dion Almaer at 8:54 am
8 Comments »


Crikey, that’s the coolest damned thing / concept I’ve seen in a while. Also, love the minimalist proxy. Such a really cool concept, taking mashups to the next level.

Comment by Allen — May 19, 2006

If you add in client-side storage in a Flash object, it’s not a hard leap to kiosk type software running in a browser on a computer without an Internet connection.

Comment by Phil — May 19, 2006

s/proxy/security hole/

That PHP is going to let anyone read any local file on the filesystem that apache can see. I wish people wouldn’t post dumb things like that, because others are going to blindly copy it.

Comment by Bob Ippolito — May 19, 2006

Heh, “please download Firefox” it says. Well, besides the slew of JS error messages I get.

Comment by Marty — May 19, 2006

mypage.php?url=/etc/passwd
I’d probably use something like that with this script. Don’t forget to sanitize that $_GET[‘url’]!

Comment by earl — May 20, 2006

Oh yes, minimalist proxy, (nearly) maximalist read access to the filesystem due to not sanitizing user input in any way…

Comment by Martin — May 20, 2006

Martin,

Good point. I was actually sanitising requests to make sure they were external when I first wrote the app but then forgot to do the same after deployment.

Very good point, horrendous security hole – thanks for pointing it out.

Comment by Peter Nixey — May 21, 2006
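
The check discussed in the comments above, written out as an added example (it is not Peter Nixey's code and not part of the original post): the proxy only fetches http(s) URLs whose host is on an allowlist. The host names in `ALLOWED_HOSTS` and the helper names `is_allowed_url()` and `fail()` are assumptions made for illustration.

```php
<?php
// Added example: hardened variant of the proxy shown in the post.
// Assumption: ALLOWED_HOSTS lists the API hosts the application calls
// (illustrative names, adjust to the real services).
const ALLOWED_HOSTS = ['api.flickr.com', 'api.evdb.com', 'maps.google.com'];

function is_allowed_url(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;   // bare paths such as /etc/passwd have no scheme or host
    }
    // fopen() also understands file://, php://, ftp:// and other wrappers
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;   // reject embedded credentials (user:pass@host)
    }
    return in_array(strtolower($parts['host']), ALLOWED_HOSTS, true);
}

function fail(int $status, string $message): void
{
    http_response_code($status);
    header('Content-type: text/xml');
    echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n"
       . '<root connection="false"><eventsites_message>'
       . htmlspecialchars($message, ENT_XML1)
       . '</eventsites_message></root>';
    exit;
}

$remoteURL = $_GET['url'] ?? '';
if (!is_string($remoteURL) || !is_allowed_url($remoteURL)) {
    fail(400, 'URL not allowed');
}

// Do not follow redirects: an allowed host could point somewhere else
$ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
$fp  = @fopen($remoteURL, 'r', false, $ctx);
if (!$fp) {
    fail(502, 'Failed to connect');
}
header('Content-type: text/xml');
fpassthru($fp);
fclose($fp);
```

An allowlist is used rather than a blocklist of local paths because `fopen()` treats anything without a recognised wrapper prefix as a local filename.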

You can use Flash for cross-domain GETs and POSTs. See Flash4AJAX: http://blog.monstuff.com/archives/000280.html
The main restriction is that the services you’re targeting need to allow this kind of access, through a cross-domain policy file within their domain.

Flash 8.5 will allow arbitrary HTTP requests, enabling the complete array of HTTP methods (HEAD, DELETE, …)

Comment by Julien Couvreur — May 22, 2006
