On Thu, 2014-01-23 at 08:55 +0100, Tarnyko wrote:
> Hi Daniel,
>
> I guess that if I wanted it to work in its current state, I would have a CGI
> (or other) app handling authentication, and if successful spawning the GTK+
> application on a new IP port and redirecting the user to this port.
>
> Subsequent connections to this IP port should be protected by some web
> server magic (reading a password database).
>
> But I agree that it would be nice if such a feature was supported
> out-of-the-box.
I've done a lot of reading on this subject in the last few weeks
(being that I don't exactly have a web background), it would seem
that such an out-of-the-box solution would be unrealistic - given
the stateless nature of HTTP and the ever-evolving state of the
art in web security and authentication (you have various forms
of authentication with various tradeoffs you would make for different
types of web sites/services).
But I would be really interested in understanding how this backend
works, perhaps one could run the web server with libsoup and perform
authentication there, passing a session identifier directly to the
broadway backend - routing all traffic relevant to that given session
to the appropriate application UI instance (perhaps one
GtkApplicationWindow could be used for each active session ?
and a special GtkWindow could be used for any unauthenticated user,
just to display a splash / login page ?).
Somehow I think using a separate port for each active session is
unrealistic (what if you have many active sessions, can you really
just allocate that many ports ?).
Anyway, I'm no expert in web/http but learning about it, and would
be really interested in a solution for this as well... perhaps I will
dig into this in the coming months.
Cheers,
-Tristan
>
> Regardsn
> Tarnyko
>
> Daniel Kasak writes:
>
> > Fair enough. Good to see someone answer ;) The other question I posted to
> > an app-devel list or something like that. I can deal with not being able to
> > resize / maximise for now. What I'm not clear on is security. The way I
> > assumed it would work was this:
> >
> > - I write a simple login page that checks credentials in a DB
> > - If login is successful, an authentication key is generated, an instance
> > of broadwayd is spawned on a new port, an instance of the app is spawned,
> > and pointed ( somehow ) at the correct instance of broadwayd, and the key
> > and port is returned to the client's browser
> >
> > What happens from here on is less clear. The browser would have to keep
> > passing this key back to broadwayd or the app? Can we use https or tunnel
> > through ssh? Is anything like this implemented already?
> >
> > From what I've seen with my limited testing, the default setup basically
> > allows anyone to hit the IP / port that broadway is running on, and take
> > over control of the app.
> >
> > Any thoughts?
> >
> > Dan
> >
> >
> > On Thu, Jan 23, 2014 at 11:07 AM, Jasper St. Pierre
> > <jstpierre@xxxxxxxxxxx>wrote:
> >
> >> Hi Daniel,
> >>
> >> I can only find one email to this list about this, which is about
> >> maximizing windows on Broadway. I'm sorry I didn't reply, but I was busy
> >> that day. I do remember investigating the question before getting poked to
> >> do something else instead.
> >>
> >> Broadway is indeed not "officially" supported, in that it's not ready for
> >> production.
> >>
> >>
> >> On Wed, Jan 22, 2014 at 6:55 PM, Daniel Kasak <d.j.kasak.dk@xxxxxxxxx>wrote:
> >>
> >>> Hi all. Unfortunately, my last couple of posts to various gtk lists on
> >>> this topic have had ZERO replies :(
> >>>
> >>> This is giving me the impression that broadway is not officially
> >>> supported, and possibly developed and maintained by a single person. Is
> >>> this the case? Does anyone know who I'd contact who does know about
> >>> broadway status?
> >>>
> >>> Dan
> >>>
> >>> _______________________________________________
> >>> gtk-list mailing list
> >>> gtk-list@xxxxxxxxx
> >>> https://mail.gnome.org/mailman/listinfo/gtk-list
> >>>
> >>>
> >>
> >>
> >> --
> >> Jasper
> >>
> _______________________________________________
> gtk-list mailing list
> gtk-list@xxxxxxxxx
> https://mail.gnome.org/mailman/listinfo/gtk-list
_______________________________________________
gtk-list mailing list
gtk-list@xxxxxxxxx
https://mail.gnome.org/mailman/listinfo/gtk-list
