Comments on: The Failure of Cometd http://orbited.org/blog/2007/04/the-failure-of-cometd/ Blogging Comet Applications Fri, 30 Jul 2010 07:34:24 +0000 http://wordpress.org/?v=abc By: xh http://orbited.org/blog/2007/04/the-failure-of-cometd/#comment-22 xh Wed, 29 Aug 2007 14:24:07 +0000 http://www.orbited.org/blog/?p=11#comment-22 <p>about your point 4 : There currently exists no security.</p> <p>You can actually set the security policy on the server side, like for jetty-cometd implementation, 1 of the classes in the servlet is implementing this</p> <p>public interface SecurityPolicy { boolean canCreate(Client client,Channel channel,Map message); boolean canSubscribe(Client client,Channel channel,Map messsage); boolean canSend(Client client,Channel channel,Map message); boolean authenticate(String scheme, String user, String credentials); }</p> <p>where set whether to return true/false when encountered such a request</p> <p>likewise, for your pt 5 on private chatroom, you can allow private channels e.g for what I did for my instant messaging application, I assigned a special channel /some_prefix/clientId to each client so each client can subscribe to his/her own channel. But other users will not be able to subscribe to it. In this case, other users still can send messages to this channel but cannot receive anything except the owner.(which might be 1 of the reason why we allow users to send to a channel without subscribing to it)</p> about your point 4 : There currently exists no security.

You can actually set the security policy on the server side, like for jetty-cometd implementation, 1 of the classes in the servlet is implementing this

public interface SecurityPolicy { boolean canCreate(Client client,Channel channel,Map message); boolean canSubscribe(Client client,Channel channel,Map messsage); boolean canSend(Client client,Channel channel,Map message); boolean authenticate(String scheme, String user, String credentials); }

where set whether to return true/false when encountered such a request

likewise, for your pt 5 on private chatroom, you can allow private channels e.g for what I did for my instant messaging application, I assigned a special channel /some_prefix/clientId to each client so each client can subscribe to his/her own channel. But other users will not be able to subscribe to it. In this case, other users still can send messages to this channel but cannot receive anything except the owner.(which might be 1 of the reason why we allow users to send to a channel without subscribing to it)

]]> By: Orbited Blog » Blog Archive » Juggernaut is a Bad Idea http://orbited.org/blog/2007/04/the-failure-of-cometd/#comment-21 Orbited Blog » Blog Archive » Juggernaut is a Bad Idea Wed, 29 Aug 2007 12:47:32 +0000 http://www.orbited.org/blog/?p=11#comment-21 <p>[...] Juggernaut internalizes its publish/subscribe architecture much in the same way that fdAjax or Cometd do. Refer to my sixth point in my previous post, The Failure of Cometd [...]</p> [...] Juggernaut internalizes its publish/subscribe architecture much in the same way that fdAjax or Cometd do. Refer to my sixth point in my previous post, The Failure of Cometd [...]

]]> By: Orbited Blog » Blog Archive » Why Orbited Doesn’t Suck http://orbited.org/blog/2007/04/the-failure-of-cometd/#comment-9 Orbited Blog » Blog Archive » Why Orbited Doesn’t Suck Mon, 27 Aug 2007 17:33:49 +0000 http://www.orbited.org/blog/?p=11#comment-9 <p>[...] – Michael covered this pretty well in his post, but I’d like to add that I tried to read through the Bayeux protocol, and looked through the [...]</p> [...] – Michael covered this pretty well in his post, but I’d like to add that I tried to read through the Bayeux protocol, and looked through the [...]

]]>