[dojo-contributors] "core dojo", packaging, and the build system

Jesse Kuhnert jkuhnert at gmail.com
Wed Apr 5 18:56:20 EDT 2006


Ouch, I don't think I meant for dojo to try managing the hosts...I was
imagining some sort of dojo sponsored thing where relationships are built
with trusted companies/hosts and the routing is done through, well..a
router/dns server somewhere.

On 4/5/06, Sandro Magi <smagi at naasking.homeip.net> wrote:
>
> An array of hosts with a random selection stored in dojo.js could be
> used to distribute the load across any number of servers. Whether this
> is actually a win depends on how scripts are cached by the browser. If
> the browsers are good, then distributing the scripts in this manner
> could very well *degrade* performance.
>
> Furthermore, this is potentially a security nightmare. Subverting any
> one of the hosting servers means an attacker could potentially steal
> information from any web applications which use dojo this way.
>
> You can close this vulnerability by storing secure hashes of the
> referenced scripts in the root dojo.js file. When the script is fetched,
> the computed hash must match the stored one to ensure that the script
> hasn't been compromised. If it doesn't match, the next server could be
> tried. I can't think how else you can ensure the app's security.
>
> Sandro
>
> Jesse Kuhnert wrote:
> > In regard to the globally available js package server, I still wish this
> > were possible. It seems the only barrier is trying to ask 1 entity to
> > host this, which just isn't feasible.
> >
> > I wish I knew more tcp/ip routing to make any thoughts I have
> > substantial but I thought that you can sort of round robin stagger a DNS
> > name to a number of different physical hosts....If this were possible,
> > and we could somehow guarantee only a certain amount of traffic going to
> > each particular entity it might be easier to get more companies/people
> > to volunteer bandwidth/server resources.
> >
> > But, like I said. I don't know enough about networking on this kind of
> > scale to know if it's feasible.
> >
> _______________________________________________
> dojo-contributors mailing list
> dojo-contributors at dojotoolkit.org
> http://dojotoolkit.org/mailman/listinfo/dojo-contributors
>



--
Jesse Kuhnert
Tacos/Tapestry, team member/developer

Open source based consulting work centered around
dojo/tapestry/tacos/hivemind.  http://opennotion.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.dojotoolkit.org/pipermail/dojo-contributors/attachments/20060405/6683516f/attachment.htm 


More information about the dojo-contributors mailing list