Orbeon Forms community mailing list

Server-side or Client-side?

classic Classic list List threaded Threaded
4 messages Options
Innomin8
Reply | Threaded
Open this post in threaded view
|

Server-side or Client-side?

Innomin8
Hi Guys,

I'm about to give this a go in a test server, with no authentication, so
this won't be blindingly obvious just yet, but I was wondering whether
instances, retrieved through <xforms:instance src="somthing.cgi"> are
done client-side or server-side?

The reason I ask, is that we're looking to do an internal forms system
which will require data sources (instances) to be retrieves from secure
web servers, which the users will already be logged into.  If the
instance retrieval is done via Javascript, it won't be a problem because
the browsers will authenticate, but if it's done server-side, then it's
going to be a major headache.  Anyone know?

Thanks.



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Ryan Puddephatt
Reply | Threaded
Open this post in threaded view
|

RE: Server-side or Client-side?

Ryan Puddephatt
Lee,

The instance retrival is done server-side.

Ryan

Ryan Puddephatt
Software Engineer

Teleflex Group - IT UK
1 Michaelson Square
Livingston
West Lothian
Scotland
EH54 7DP

e> [hidden email]
t> +44(0)1506 407 110
f> +44(0)1506 407 108

 

>-----Original Message-----
>From: Lee Standen [mailto:[hidden email]]
>Sent: 24 October 2006 09:07
>To: [hidden email]
>Subject: [ops-users] Server-side or Client-side?
>
>Hi Guys,
>
>I'm about to give this a go in a test server, with no
>authentication, so this won't be blindingly obvious just yet,
>but I was wondering whether instances, retrieved through
><xforms:instance src="somthing.cgi"> are done client-side or
>server-side?
>
>The reason I ask, is that we're looking to do an internal
>forms system which will require data sources (instances) to be
>retrieves from secure web servers, which the users will
>already be logged into.  If the instance retrieval is done via
>Javascript, it won't be a problem because the browsers will
>authenticate, but if it's done server-side, then it's going to
>be a major headache.  Anyone know?
>
>Thanks.
>
>



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Erik Bruchez
Reply | Threaded
Open this post in threaded view
|

Re: Server-side or Client-side?

Erik Bruchez
Administrator
Correct. The system is designed so that only control values end up on
the client. This way, instance data that is private (i.e. that doesn't
have controls bound to it), never make it to the client.

Note that even if you chose client-side state handling, that state is
encrypted.

What kind of authentication are you using for those instances? The
XForms engine actually forwards the Basic HTTP auth Authorization
header, as well as the JSESSIONID cookie, when loading instances.

-Erik

Ryan Puddephatt wrote:

> Lee,
>
> The instance retrival is done server-side.
>
> Ryan
>
> Ryan Puddephatt
> Software Engineer
>
> Teleflex Group - IT UK
> 1 Michaelson Square
> Livingston
> West Lothian
> Scotland
> EH54 7DP
>
> e> [hidden email]
> t> +44(0)1506 407 110
> f> +44(0)1506 407 108
>
>  
>
>> -----Original Message-----
>> From: Lee Standen [mailto:[hidden email]]
>> Sent: 24 October 2006 09:07
>> To: [hidden email]
>> Subject: [ops-users] Server-side or Client-side?
>>
>> Hi Guys,
>>
>> I'm about to give this a go in a test server, with no
>> authentication, so this won't be blindingly obvious just yet,
>> but I was wondering whether instances, retrieved through
>> <xforms:instance src="somthing.cgi"> are done client-side or
>> server-side?
>>
>> The reason I ask, is that we're looking to do an internal
>> forms system which will require data sources (instances) to be
>> retrieves from secure web servers, which the users will
>> already be logged into.  If the instance retrieval is done via
>> Javascript, it won't be a problem because the browsers will
>> authenticate, but if it's done server-side, then it's going to
>> be a major headache.  Anyone know?
>>
>> Thanks.
--
Orbeon - XForms Everywhere:
http://www.orbeon.com/blog/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Alessandro Vernet
Reply | Threaded
Open this post in threaded view
|

Re: Server-side or Client-side?

Alessandro Vernet
Administrator
In reply to this post by Innomin8
On 10/24/06, Lee Standen <[hidden email]> wrote:
> The reason I ask, is that we're looking to do an internal forms system
> which will require data sources (instances) to be retrieves from secure
> web servers, which the users will already be logged into.  If the
> instance retrieval is done via Javascript, it won't be a problem because
> the browsers will authenticate, but if it's done server-side, then it's
> going to be a major headache.  Anyone know?

Note that even if the request is made from server, just for the
purpose you mentioned, the server will in certain cases forward some
information, like the basic authentication header (Authorization
header) and cookies (Cookie header).

Alex
--
Blog (XML, Web apps, Open Source):
http://www.orbeon.com/blog/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
Free forum by Nabble Edit this page