[ 2 comments ] ( 62 views ) | permalink |
( 3 / 1801 )After getting a better understanding of the number of security holes that must be plugged in order to make JNEXT safe for deployment on public Web sites, it seems this is definitely not going to be a walk in the park. Ironically, The power and flexibility of JavaScript, which motivated me to create JNEXT in the first place, is the very reason that makes the task of letting JNEXT loose on the Web a very difficult one.
Since at this point, there are not many people actively involved in developing JNEXT, my dilemma is whether to spend more time researching how to make JNEXT's security watertight or to forget about Web deployment for now, define JNEXT as a tool for rapid application development and concentrate on creating cool extensions for it.
Anyone care to comment ?
[ add comment ] ( 20 views ) | permalink |
( 3 / 1819 )After assessing the amount of work required for the next release my estimation is that it will take at least two months to complete the job (unless anyone volunteers to help, which given the amount of exposure JNEXT has received until now is highly unlikely).
However, once completed, this framework will have the potential to change the way we think about what Web sites can do.
As always, good technology is never enough, and so the next step (which I intend to start implementing with the next release) is to make sure that installing and using JNEXT by both Web users and Web site developers will be ridiculously simple, extremely appealing and uncompromisingly secure. To this effect, cool sample RIA via JNEXT applications will be added to jnext.org and client and server side installation and management will be much simpler and more user friendly.
There's plenty to do so I'll stop blabbing now and get to work...
[ add comment ] ( 12 views ) | permalink |
( 3 / 1111 )The past few days I've been studying OpenSSL and after many searches, wading through various samples, scraping information from mailing lists and the odd documentation texts, I've finally got all the necessary plumbing together to support the security infrastructure for JNEXT. The next version of JNEXT is planned to be released with this framework, making JNEXT finally ready to be run on public Web sites.
The basic idea is as follows: Any Web site that runs JavaScript code that makes use of JNEXT, will have to sign that code with its private key, and make it's corresponding X509 certificate available for download by the JNEXT client. The JNEXT plugin will verify that the JavaScript code matches the signature, using the Web site certificate and the locally stored root certificate of the CA that issued the Web site certificate.
If the root certificate of the Certificate Authority, the Web site certificate, the JavaScript code and the JavaScript code signature are inconsistent, then JNEXT will not allow the JavaScript code from that page access to native code via JNEXT extensions.
[ add comment ] ( 12 views ) | permalink |
( 3 / 1031 )It's 2:07am here now, which will definitely have a bad effect on my productivity at work tomorrow, but I've finally completed support for both UDP and TCP sockets, so now the sample illustrates how to use TCP and UDP sockets from JavaScript.
I've verified that the new JavaScript TCP/UDP socket samples work on IE,Firefox,Google Chrome and Opera
As always, full sources are available for download as well
Enjoy... :-)
[ 2 comments ] ( 54 views ) | permalink |
( 3 / 1096 )
Calendar
