The Inbox: WebClient-Help-hjh.12.mcz

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

The Inbox: WebClient-Help-hjh.12.mcz

commits-2
A new version of WebClient-Help was added to project The Inbox:
http://source.squeak.org/inbox/WebClient-Help-hjh.12.mcz

==================== Summary ====================

Name: WebClient-Help-hjh.12
Author: hjh
Time: 21 March 2019, 9:17:15.221027 am
UUID: de170216-199a-4a97-9611-ca13691657f1
Ancestors: WebClient-Help-kfr.11

Replace  Smalltalk with SmalltalkImage current.

=============== Diff against WebClient-Help-kfr.11 ===============

Item was changed:
  ----- Method: WebServerHelp class>>addingActions (in category 'pages') -----
  addingActions
  "This method was automatically generated. Edit it using:"
  "WebServerHelp edit: #addingActions"
+ ^(HelpTopic
- ^HelpTopic
  title: 'Adding Actions'
  contents:
  'Let''s add some real stuff that might be useful on a server:
 
  WebServer default addService: ''/smalltalk'' action:[:req| | action |
  action := (req fields at: ''get'' ifAbsent:['''']) asSymbol.
+ req send200Response: (SmalltalkImage current perform: action) asString
- req send200Response: (Smalltalk perform: action) asString
  ].
 
  We can now request some interesting things like:
 
  (WebClient httpGet:''http://localhost:8080/smalltalk?get=systemInformationString'') content.
  (WebClient httpGet:''http://localhost:8080/smalltalk?get=platformName'') content.
 
  Obviously, this poses quite a risk for abuse. One way to limit this risk is to expose specific actions, such as here:
 
  #(systemInformationString platformName) do:[:symbol|
  WebServer default addService: ''/info/'', symbol action:[:req|
  req send200Response: (Smalltalk perform: symbol) asString]].
 
  (WebClient httpGet:''http://localhost:8080/info/systemInformationString'') content.
  (WebClient httpGet:''http://localhost:8080/info/platformName'') content.
 
  Alternatively, authentication can be used to limit access to exposed resources.
  !!
+ ]style[(72 7 1 11 1 12 1 7 2 3 1 1 1 1 6 1 1 3 6 1 2 1 1 3 1 6 1 3 1 5 1 9 4 1 1 8 4 3 1 16 1 1 23 8 1 6 1 1 8 68 8 61 2 7 14 8 50 2 7 126 23 1 12 2 3 2 6 1 13 7 1 11 1 8 1 1 6 1 7 1 1 3 1 4 3 1 16 1 1 10 8 1 6 1 1 8 1 16 8 52 2 7 14 8 41 2 7 84),c000000126,,c000000126,,c126000126,,c000000126,,c000000126,cgray;,,cgray;,,cgray;,,cgray;,,cgray;,,b,,c000126000,c000000126,,c000000126,,c000000126,,c126000126,,c000000126,c126000126,c000126000,,c000000126,,c000000126,,c000000126,,c000126000,,c000000126,,cgray;,c000126000,,c000000126,,c000000126,c126000126,,c000000126,,c000000126,c126000126,,c000000126,,c000000126,,c000000126,,c000000126,,c000000126,cgray;,,c000000126,,c000000126,,c126000126,c000000126,,c000000126,,c000000126,c000126000,,c000000126,cgray;,,c000000126,,c000000126,,c126000126,,c000000126,,c000000126,c126000126,,c000000126,c000126000,,c000000126,c126000126,,c000000126,,c000000126,c126000126,,c000000126,!!' readStream nextChunkText)
+ key: #addingActions!
- ]style[(61 11 7 1 11 1 12 1 7 2 3 1 1 1 1 6 1 1 3 6 1 2 1 1 3 1 6 1 3 1 5 1 9 4 1 1 8 4 3 1 16 1 1 10 8 1 6 1 1 8 5 51 12 8 61 2 7 14 8 50 2 7 2 121 3 23 1 12 2 3 2 6 1 13 7 1 11 1 8 1 1 6 1 7 1 1 3 1 4 3 1 16 1 1 10 8 1 6 1 1 8 1 3 1 12 8 52 2 7 14 8 41 2 7 2 82),cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,cblack;,c000000127,cblack;,c000000127,cgray;,cblack;,cgray;,cblack;,cgray;,cblack;,cgray;,cblack;,cgray;,cblack;,b,cblack;,c000127000,c000000127,cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,cblack;,c000000127,c127000127,c000127000,cblack;,c000000127,cblack;,c000000127,cblack;,c000000127,cblack;,c000127000,cblack;,c000000127,cblack;,cgray;,c000127000,cblack;,c000000127,cblack;,,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,,cblack;,c000000127,cblack;,c000000127,cblack;,c000000127,cblack;,c000000127,cgray;,cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,c000000127,cblack;,c000000127,cblac
 k;,c000000127,c000127000,cblack;,c000000127,cgray;,cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,cblack;,c000000127,cblack;,c000000127,c127000127,cblack;,c000000127,c000127000,cblack;,,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,!!' readStream nextChunkText!


Reply | Threaded
Open this post in threaded view
|

Re: The Inbox: WebClient-Help-hjh.12.mcz

Tobias Pape

> On 21.03.2019, at 09:17, [hidden email] wrote:
>
> A new version of WebClient-Help was added to project The Inbox:
> http://source.squeak.org/inbox/WebClient-Help-hjh.12.mcz
>
> ==================== Summary ====================
>
> Name: WebClient-Help-hjh.12
> Author: hjh
> Time: 21 March 2019, 9:17:15.221027 am
> UUID: de170216-199a-4a97-9611-ca13691657f1
> Ancestors: WebClient-Help-kfr.11
>
> Replace  Smalltalk with SmalltalkImage current.
>

Why? Especially, since SmalltalkImage class>>current reads:

current
        "Deprecated. Use Smalltalk instead."
        ^Smalltalk

Best regards
        -Tobias

> =============== Diff against WebClient-Help-kfr.11 ===============
>
> Item was changed:
>  ----- Method: WebServerHelp class>>addingActions (in category 'pages') -----
>  addingActions
>   "This method was automatically generated. Edit it using:"
>   "WebServerHelp edit: #addingActions"
> + ^(HelpTopic
> - ^HelpTopic
>   title: 'Adding Actions'
>   contents:
>  'Let''s add some real stuff that might be useful on a server:
>
>   WebServer default addService: ''/smalltalk'' action:[:req| | action |
>   action := (req fields at: ''get'' ifAbsent:['''']) asSymbol.
> + req send200Response: (SmalltalkImage current perform: action) asString
> - req send200Response: (Smalltalk perform: action) asString
>   ].
>
>  We can now request some interesting things like:
>
>   (WebClient httpGet:''http://localhost:8080/smalltalk?get=systemInformationString'') content.
>   (WebClient httpGet:''http://localhost:8080/smalltalk?get=platformName'') content.
>  
>  Obviously, this poses quite a risk for abuse. One way to limit this risk is to expose specific actions, such as here:
>
>   #(systemInformationString platformName) do:[:symbol|
>   WebServer default addService: ''/info/'', symbol action:[:req|
>   req send200Response: (Smalltalk perform: symbol) asString]].
>
>   (WebClient httpGet:''http://localhost:8080/info/systemInformationString'') content.
>   (WebClient httpGet:''http://localhost:8080/info/platformName'') content.
>
>  Alternatively, authentication can be used to limit access to exposed resources.
>  !!
> + ]style[(72 7 1 11 1 12 1 7 2 3 1 1 1 1 6 1 1 3 6 1 2 1 1 3 1 6 1 3 1 5 1 9 4 1 1 8 4 3 1 16 1 1 23 8 1 6 1 1 8 68 8 61 2 7 14 8 50 2 7 126 23 1 12 2 3 2 6 1 13 7 1 11 1 8 1 1 6 1 7 1 1 3 1 4 3 1 16 1 1 10 8 1 6 1 1 8 1 16 8 52 2 7 14 8 41 2 7 84),c000000126,,c000000126,,c126000126,,c000000126,,c000000126,cgray;,,cgray;,,cgray;,,cgray;,,cgray;,,b,,c000126000,c000000126,,c000000126,,c000000126,,c126000126,,c000000126,c126000126,c000126000,,c000000126,,c000000126,,c000000126,,c000126000,,c000000126,,cgray;,c000126000,,c000000126,,c000000126,c126000126,,c000000126,,c000000126,c126000126,,c000000126,,c000000126,,c000000126,,c000000126,,c000000126,cgray;,,c000000126,,c000000126,,c126000126,c000000126,,c000000126,,c000000126,c000126000,,c000000126,cgray;,,c000000126,,c000000126,,c126000126,,c000000126,,c000000126,c126000126,,c000000126,c000126000,,c000000126,c126000126,,c000000126,,c000000126,c126000126,,c000000126,!!' readStream nextChunkText)
> + key: #addingActions!
> - ]style[(61 11 7 1 11 1 12 1 7 2 3 1 1 1 1 6 1 1 3 6 1 2 1 1 3 1 6 1 3 1 5 1 9 4 1 1 8 4 3 1 16 1 1 10 8 1 6 1 1 8 5 51 12 8 61 2 7 14 8 50 2 7 2 121 3 23 1 12 2 3 2 6 1 13 7 1 11 1 8 1 1 6 1 7 1 1 3 1 4 3 1 16 1 1 10 8 1 6 1 1 8 1 3 1 12 8 52 2 7 14 8 41 2 7 2 82),cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,cblack;,c000000127,cblack;,c000000127,cgray;,cblack;,cgray;,cblack;,cgray;,cblack;,cgray;,cblack;,cgray;,cblack;,b,cblack;,c000127000,c000000127,cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,cblack;,c000000127,c127000127,c000127000,cblack;,c000000127,cblack;,c000000127,cblack;,c000000127,cblack;,c000127000,cblack;,c000000127,cblack;,cgray;,c000127000,cblack;,c000000127,cblack;,,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,,cblack;,c000000127,cblack;,c000000127,cblack;,c000000127,cblack;,c000000127,cgray;,cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,c000000127,cblack;,c000000127,cblac
> k;,c000000127,c000127000,cblack;,c000000127,cgray;,cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,cblack;,c000000127,cblack;,c000000127,c127000127,cblack;,c000000127,c000127000,cblack;,,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,!!' readStream nextChunkText!
>
>



Reply | Threaded
Open this post in threaded view
|

Re: The Inbox: WebClient-Help-hjh.12.mcz

Hannes Hirzel
Thank you for the feedback.

I re-checked, you are right,

No changes necessary.

Please move the contribution from the 'inbox' to 'treated'.

Regards
Hannes

On 3/21/19, Tobias Pape <[hidden email]> wrote:

>
>> On 21.03.2019, at 09:17, [hidden email] wrote:
>>
>> A new version of WebClient-Help was added to project The Inbox:
>> http://source.squeak.org/inbox/WebClient-Help-hjh.12.mcz
>>
>> ==================== Summary ====================
>>
>> Name: WebClient-Help-hjh.12
>> Author: hjh
>> Time: 21 March 2019, 9:17:15.221027 am
>> UUID: de170216-199a-4a97-9611-ca13691657f1
>> Ancestors: WebClient-Help-kfr.11
>>
>> Replace  Smalltalk with SmalltalkImage current.
>>
>
> Why? Especially, since SmalltalkImage class>>current reads:
>
> current
> "Deprecated. Use Smalltalk instead."
> ^Smalltalk
>
> Best regards
> -Tobias
>
>> =============== Diff against WebClient-Help-kfr.11 ===============
>>
>> Item was changed:
>>  ----- Method: WebServerHelp class>>addingActions (in category 'pages')
>> -----
>>  addingActions
>>   "This method was automatically generated. Edit it using:"
>>   "WebServerHelp edit: #addingActions"
>> + ^(HelpTopic
>> - ^HelpTopic
>>   title: 'Adding Actions'
>>   contents:
>>  'Let''s add some real stuff that might be useful on a server:
>>
>>   WebServer default addService: ''/smalltalk'' action:[:req| | action |
>>   action := (req fields at: ''get'' ifAbsent:['''']) asSymbol.
>> + req send200Response: (SmalltalkImage current perform: action) asString
>> - req send200Response: (Smalltalk perform: action) asString
>>   ].
>>
>>  We can now request some interesting things like:
>>
>>   (WebClient
>> httpGet:''http://localhost:8080/smalltalk?get=systemInformationString'')
>> content.
>>   (WebClient httpGet:''http://localhost:8080/smalltalk?get=platformName'')
>> content.
>>  
>>  Obviously, this poses quite a risk for abuse. One way to limit this risk
>> is to expose specific actions, such as here:
>>
>>   #(systemInformationString platformName) do:[:symbol|
>>   WebServer default addService: ''/info/'', symbol action:[:req|
>>   req send200Response: (Smalltalk perform: symbol) asString]].
>>
>>   (WebClient
>> httpGet:''http://localhost:8080/info/systemInformationString'') content.
>>   (WebClient httpGet:''http://localhost:8080/info/platformName'') content.
>>
>>  Alternatively, authentication can be used to limit access to exposed
>> resources.
>>  !!
>> + ]style[(72 7 1 11 1 12 1 7 2 3 1 1 1 1 6 1 1 3 6 1 2 1 1 3 1 6 1 3 1 5 1
>> 9 4 1 1 8 4 3 1 16 1 1 23 8 1 6 1 1 8 68 8 61 2 7 14 8 50 2 7 126 23 1 12
>> 2 3 2 6 1 13 7 1 11 1 8 1 1 6 1 7 1 1 3 1 4 3 1 16 1 1 10 8 1 6 1 1 8 1 16
>> 8 52 2 7 14 8 41 2 7
>> 84),c000000126,,c000000126,,c126000126,,c000000126,,c000000126,cgray;,,cgray;,,cgray;,,cgray;,,cgray;,,b,,c000126000,c000000126,,c000000126,,c000000126,,c126000126,,c000000126,c126000126,c000126000,,c000000126,,c000000126,,c000000126,,c000126000,,c000000126,,cgray;,c000126000,,c000000126,,c000000126,c126000126,,c000000126,,c000000126,c126000126,,c000000126,,c000000126,,c000000126,,c000000126,,c000000126,cgray;,,c000000126,,c000000126,,c126000126,c000000126,,c000000126,,c000000126,c000126000,,c000000126,cgray;,,c000000126,,c000000126,,c126000126,,c000000126,,c000000126,c126000126,,c000000126,c000126000,,c000000126,c126000126,,c000000126,,c000000126,c126000126,,c000000126,!!'
>> readStream nextChunkText)
>> + key: #addingActions!
>> - ]style[(61 11 7 1 11 1 12 1 7 2 3 1 1 1 1 6 1 1 3 6 1 2 1 1 3 1 6 1 3 1
>> 5 1 9 4 1 1 8 4 3 1 16 1 1 10 8 1 6 1 1 8 5 51 12 8 61 2 7 14 8 50 2 7 2
>> 121 3 23 1 12 2 3 2 6 1 13 7 1 11 1 8 1 1 6 1 7 1 1 3 1 4 3 1 16 1 1 10 8
>> 1 6 1 1 8 1 3 1 12 8 52 2 7 14 8 41 2 7 2
>> 82),cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,cblack;,c000000127,cblack;,c000000127,cgray;,cblack;,cgray;,cblack;,cgray;,cblack;,cgray;,cblack;,cgray;,cblack;,b,cblack;,c000127000,c000000127,cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,cblack;,c000000127,c127000127,c000127000,cblack;,c000000127,cblack;,c000000127,cblack;,c000000127,cblack;,c000127000,cblack;,c000000127,cblack;,cgray;,c000127000,cblack;,c000000127,cblack;,,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,,cblack;,c000000127,cblack;,c000000127,cblack;,c000000127,cblack;,c000000127,cgray;,cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,c000000127,cblack;,c000000127,cblac
>> k;,c000000127,c000127000,cblack;,c000000127,cgray;,cblack;,c000000127,cblack;,c000000127,cblack;,c127000127,cblack;,c000000127,cblack;,c000000127,c127000127,cblack;,c000000127,c000127000,cblack;,,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,c000000127,c127000127,cblack;,c000000127,cblack;,!!'
>> readStream nextChunkText!
>>
>>
>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: The Inbox: WebClient-Help-hjh.12.mcz

David T. Lewis
On Thu, Mar 21, 2019 at 11:36:23AM +0100, H. Hirzel wrote:

> Thank you for the feedback.
>
> I re-checked, you are right,
>
> No changes necessary.
>
> Please move the contribution from the 'inbox' to 'treated'.
>
> Regards
> Hannes

Done