"Encrypting" XML data on the wire


bjaspan
01-27-2006, 05:50 AM
I am writing a SOLO deployed Laszlo app that obtains XML data via HTTP. I would like to make it difficult (I realize that "impossible" is unachievable) for end users to see the XML data directly such as by just accessing the source URL. Here is what I'm pretty sure I can do:

1. The XML data will only be available via HTTPS (assuming a SOLO Laszlo app in a browser can do this) so it can't be packet-sniffed, though this doesn't prevent a user from just accessing the URL directly with their browser.

2. My app is running inside a session (in fact, I'm using Drupal) and the script providing the data will insist on having the session identifier in the request (in fact, this is how I'll apply Drupal's authorization mechanism to controlling which people can access which data).

These are both pretty low hurdles to overcome, though. What I'd really like to do is end-to-end "encryption": the source script encrypts it and Laszlo code decrypts it. For now, assume my "encryption" is just "XOR each byte with 0xFF" (I'll do better than that, but even a weak encoding will prevent all but serious attackers from reading the data).

My question (I think) is: How do I convert encoded data on the wire into parsed XML data inside a <dataset>?

The Developer's Guide says "In SOLO applications, the XMLHTTPRequest [lets you] get the raw text of the XML as a string, before it is parsed." So I can obtain the encoded data and decode into a new XML document. How do I then stuff that into a dataset?

Alternatively, is there a Much Better Way of achieving my overall goal?


Thanks,

Barry
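
The encode/decode round trip described in the post above, as an added example that is not part of the original thread and is not OpenLaszlo code. It assumes a modern JavaScript runtime with `TextEncoder`/`TextDecoder`, a hex-encoded response body, and hypothetical function names; the last function shows that a single fixed XOR byte is readable from the response itself, so the scheme is obfuscation rather than confidentiality.

```javascript
// Added example, not code from the thread. All names are hypothetical.
const KEY = 0xff; // the fixed byte proposed in the post

// Constructed sample payload.
const SAMPLE_XML = '<?xml version="1.0"?><items><item id="1">café</item></items>';

// XOR is its own inverse, so the same routine encodes and decodes.
function xorBytes(bytes, key) {
  return Uint8Array.from(bytes, (b) => b ^ key);
}

// Server side: XML text -> UTF-8 bytes -> XOR -> hex text.
// Hex is an assumption made here so the body survives as plain text.
function encodeForWire(xml, key) {
  const masked = xorBytes(new TextEncoder().encode(xml), key);
  return Array.from(masked, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Client side: hex text -> bytes -> XOR -> XML string ready for a parser.
function decodeFromWire(hex, key) {
  if (hex.length % 2 !== 0 || /[^0-9a-f]/i.test(hex)) {
    throw new Error("malformed wire body");
  }
  const bytes = new Uint8Array(hex.length / 2);
  for (let i = 0; i < bytes.length; i++) {
    bytes[i] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);
  }
  // fatal: true rejects bodies that do not decode to valid UTF-8.
  return new TextDecoder("utf-8", { fatal: true }).decode(xorBytes(bytes, key));
}

// An XML document starts with "<" (0x3c), so the first wire byte XOR 0x3c
// equals the key: the body carries everything needed to unmask it.
function keyImpliedByFirstByte(hex) {
  return parseInt(hex.slice(0, 2), 16) ^ 0x3c;
}
```

The string returned by `decodeFromWire` is what would be handed to the XML parser on the client. Because the mask falls to the first byte of any response, the HTTPS transport and the session check in points 1 and 2 remain the controls that decide who can read the data.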

bjaspan
03-10-2006, 06:05 AM
No suggestions, eh?

d~l
03-10-2006, 06:58 AM
I thought that bouncycastle.org (http://www.bouncycastle.org) might be integrated into openlaszlo ..

but read this thread (http://www.bouncycastle.org/devmailarchive/msg03362.html)