Using python from a browser

Re: Using python from a browser

Philippe C. Martin a écrit :[color=blue]
> Hi,
>
> I have a python script I wish to call from various browsers (IE; Mozilla,
> Firefox ..) on Windows & Linux.[/color]

What do you mean ? Is that a client-side or server-side script ?
[color=blue]
> I read that IE had the capability to embedd Python scripts,[/color]

Where ?

Re: Using python from a browser

Hi,
[color=blue][color=green]
>> What do you mean ? Is that a client-side or server-side script ?[/color][/color]

Client side

[color=blue][color=green]
>>Where ?[/color][/color]
Programming Python - O'Reilly - 2nd edition - by Mark Lutz - Paragraph
"Teaching IE about Python" - Pages 922-925

Regards,

Philippe

Re: Using python from a browser

Hi !

I confirm for IE. Others, I don't know.

@-salutations

Michel Claveau

Re: Using python from a browser

Philippe:
[color=blue]
> I read that IE had the capability to embedd Python scripts, but what
> about the others ?[/color]

While Python can be set up as a scripting language for IE, this is
normally disabled as it could be a security hole. The open call is
available from Python scripts so a web site could read or destroy your
files.

Neil

Re: Using python from a browser/security hole

Since I need to access a local/client device from the page and that I wish
to be cross-platform; does that mean Java is my only way out ?

Regards,

Philippe



Neil Hodgson wrote:
[color=blue]
> Philippe:
>[color=green]
>> I read that IE had the capability to embedd Python scripts, but what
>> about the others ?[/color]
>
> While Python can be set up as a scripting language for IE, this is
> normally disabled as it could be a security hole. The open call is
> available from Python scripts so a web site could read or destroy your
> files.
>
> Neil[/color]

Re: Using python from a browser/security hole

Philippe:
[color=blue]
> Since I need to access a local/client device from the page and
> that I wish to be cross-platform; does that mean Java is my only
> way out ?[/color]

Java is designed to be safe and not allow access to client devices.
There is a mechanism where you can attempt to ask for permission from
Java but it looked complex to me and I doubt many browsers will
cooperate. They have often locked security down to prevent this sort of
access.

Neil

Re: Using python from a browser

Philippe C. Martin wrote:[color=blue]
> Hi,
>
>[color=green][color=darkred]
>>>What do you mean ? Is that a client-side or server-side script ?[/color][/color]
>
>
> Client side
>[/color]
So I can't help you...
[color=blue]
>[color=green][color=darkred]
>>>Where ?[/color][/color]
>
> Programming Python - O'Reilly - 2nd edition - by Mark Lutz - Paragraph
> "Teaching IE about Python" - Pages 922-925
>[/color]
Thanks, I'll have a look one day.

--
bruno desthuilliers
python -c "print '@'.join(['.'.join([w[::-1] for w in p.split('.')]) for
p in 'onurb@xiludom. gro'.split('@')])"

Re: Using python from a browser/security hole

Philippe C. Martin wrote:
[color=blue]
> Since I need to access a local/client device from the page and that I wish
> to be cross-platform; does that mean Java is my only way out ?[/color]

Or you could try Jython (http://www.jython.org/).

--
If I have been able to see further, it was only because I stood
on the shoulders of giants. -- Isaac Newton

Roel Schroeven

Re: Using python from a browser/security hole

Neil,

Would Jpython let me do that ?
Would java let me call an external Python script - which in turn would
access my device ?

Thanks

Philippe



Neil Hodgson wrote:
[color=blue]
> Philippe:
>[color=green]
>> Since I need to access a local/client device from the page and
>> that I wish to be cross-platform; does that mean Java is my only
>> way out ?[/color]
>
> Java is designed to be safe and not allow access to client devices.
> There is a mechanism where you can attempt to ask for permission from
> Java but it looked complex to me and I doubt many browsers will
> cooperate. They have often locked security down to prevent this sort of
> access.
>
> Neil[/color]

Re: Using python from a browser/security hole

I'll take a lok, thanks

Roel Schroeven wrote:
[color=blue]
> Philippe C. Martin wrote:
>[color=green]
>> Since I need to access a local/client device from the page and that I
>> wish to be cross-platform; does that mean Java is my only way out ?[/color]
>
> Or you could try Jython (http://www.jython.org/).
>[/color]

Re: Using python from a browser/security hole

I don't think Jython will help much here... you would have to embed
jython in your applet which makes it big, which makes it take longer
to download... (or you could install it ahead of time on each client.)

I asked my friend who did some smartcard authentication at a previous
job... and in his case the card had an LCD readout that gave a
different key every minute, and the user had to look at that number,
and type it in for access. To automate this, with a card reader,
there could be a (barcoder-scanner-like) app on each client that would
emulate typing on the keyboard when the card was read. The user would
have to click on a text field, then scan their card and the number
would show up automatically. One step further... some javascript
could possibly get the keyboard events as long as the page had input
focus, and if it sees a smart-card key like sequence of keystrokes,
then submit a form from a hidden IFrame....

So, short of writing your own plug-in extension for each different
browser, I'm not sure you're going to be able to access the client
hardware from a client-side web page. Either way (plug-in or java
applet with privileges) your user will have to agree to give access to
the hardware.

-Jim

On 4/15/05, Philippe C. Martin <philippe@phili ppecmartin.com> wrote:[color=blue]
> Neil,
>
> Would Jpython let me do that ?
> Would java let me call an external Python script - which in turn would
> access my device ?
>
> Thanks
>
> Philippe
>
>
> Neil Hodgson wrote:
> [color=green]
> > Philippe:
> >[color=darkred]
> >> Since I need to access a local/client device from the page and
> >> that I wish to be cross-platform; does that mean Java is my only
> >> way out ?[/color]
> >
> > Java is designed to be safe and not allow access to client devices.
> > There is a mechanism where you can attempt to ask for permission from
> > Java but it looked complex to me and I doubt many browsers will
> > cooperate. They have often locked security down to prevent this sort of
> > access.
> >
> > Neil[/color]
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>
>[/color]

Re: Using python from a browser/security hole

Thanks Jim,

From all I hear, it looks like the client authentication will have tobe made
"on the side of the browser", between the server and a specific program
running on the client. Not as nice but ....

Regards,

Philippe




On Friday 15 April 2005 08:52 am, James Carroll wrote:[color=blue]
> I don't think Jython will help much here... you would have to embed
> jython in your applet which makes it big, which makes it take longer
> to download... (or you could install it ahead of time on each client.)
>
> I asked my friend who did some smartcard authentication at a previous
> job... and in his case the card had an LCD readout that gave a
> different key every minute, and the user had to look at that number,
> and type it in for access. To automate this, with a card reader,
> there could be a (barcoder-scanner-like) app on each client that would
> emulate typing on the keyboard when the card was read. The user would
> have to click on a text field, then scan their card and the number
> would show up automatically. One step further... some javascript
> could possibly get the keyboard events as long as the page had input
> focus, and if it sees a smart-card key like sequence of keystrokes,
> then submit a form from a hidden IFrame....
>
> So, short of writing your own plug-in extension for each different
> browser, I'm not sure you're going to be able to access the client
> hardware from a client-side web page. Either way (plug-in or java
> applet with privileges) your user will have to agree to give access to
> the hardware.
>
> -Jim
>
> On 4/15/05, Philippe C. Martin <philippe@phili ppecmartin.com> wrote:[color=green]
> > Neil,
> >
> > Would Jpython let me do that ?
> > Would java let me call an external Python script - which in turn would
> > access my device ?
> >
> > Thanks
> >
> > Philippe
> >
> > Neil Hodgson wrote:[color=darkred]
> > > Philippe:
> > >> Since I need to access a local/client device from the page and
> > >> that I wish to be cross-platform; does that mean Java is my only
> > >> way out ?
> > >
> > > Java is designed to be safe and not allow access to client devices.
> > > There is a mechanism where you can attempt to ask for permission from
> > > Java but it looked complex to me and I doubt many browsers will
> > > cooperate. They have often locked security down to prevent this sort of
> > > access.
> > >
> > > Neil[/color]
> >
> > --
> > http://mail.python.org/mailman/listinfo/python-list[/color][/color]

--
*************** *************** *******
Philippe C. Martin
SnakeCard, LLC

+1 405 694 8098
*************** *************** *******

Re: Using python from a browser

> > I read that IE had the capability to embedd Python scripts, but what[color=blue][color=green]
> > about the others ?[/color]
>
> While Python can be set up as a scripting language for IE, this is
> normally disabled as it could be a security hole. The open call is
> available from Python scripts so a web site could read or destroy your
> files.[/color]

Slightly off-topic, it is possible to use browser helper objects
(bhos) with Internet Explorer:



Marcus

Re: Using python from a browser/security hole

On Fri, 15 Apr 2005 09:52:41 -0400, James Carroll <mrmaple@gmail. com> wrote:
[color=blue]
>I don't think Jython will help much here... you would have to embed
>jython in your applet which makes it big, which makes it take longer
>to download... (or you could install it ahead of time on each client.)
>
>I asked my friend who did some smartcard authentication at a previous
>job... and in his case the card had an LCD readout that gave a
>different key every minute, and the user had to look at that number,
>and type it in for access. To automate this, with a card reader,
>there could be a (barcoder-scanner-like) app on each client that would
>emulate typing on the keyboard when the card was read. The user would
>have to click on a text field, then scan their card and the number
>would show up automatically. One step further... some javascript
>could possibly get the keyboard events as long as the page had input
>focus, and if it sees a smart-card key like sequence of keystrokes,
>then submit a form from a hidden IFrame....
>
>So, short of writing your own plug-in extension for each different
>browser, I'm not sure you're going to be able to access the client
>hardware from a client-side web page. Either way (plug-in or java
>applet with privileges) your user will have to agree to give access to
>the hardware.
>
>-Jim[/color]
I wonder if anyone has written a safe proxy for this kind of purpose,
so that any browser would see just ordinary html at a particular url
but would then be viewing html either passed through from a particular
server or synthesized for for the local access part, which it could
do arbitrarily, depending on its user/privilege status.

[BTW, note reason why top-posts scramble things eventually. Please reconsider ;-)]
[color=blue]
>
>On 4/15/05, Philippe C. Martin <philippe@phili ppecmartin.com> wrote:[color=green]
>> Neil,
>>=20
>> Would Jpython let me do that ?
>> Would java let me call an external Python script - which in turn would
>> access my device ?
>>=20
>> Thanks
>>=20
>> Philippe
>>=20
>>=20
>> Neil Hodgson wrote:
>>=20[color=darkred]
>> > Philippe:
>> >
>> >> Since I need to access a local/client device from the page and
>> >> that I wish to be cross-platform; does that mean Java is my only
>> >> way out ?[/color][/color][/color]
See comment above.
[color=blue][color=green][color=darkred]
>> >
>> > Java is designed to be safe and not allow access to client devices.
>> > There is a mechanism where you can attempt to ask for permission from
>> > Java but it looked complex to me and I doubt many browsers will
>> > cooperate. They have often locked security down to prevent this sort of
>> > access.
>> >
>> > Neil[/color]
>>=20
>> --
>> http://mail.python.org/mailman/listinfo/python-list
>>=20
>>[/color][/color]

Regards,
Bengt Richter