author | Joey Hess <joey@kitenet.net> | 2012-08-20 16:04:56 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2012-08-20 16:04:56 -0400 |
commit | 68f1be8f0a79bcff595c7aff2289bb95c4d5b590 (patch) | |
tree | 00d36cf1be1cc795ca46e81950c7fa293f5a5d26 /doc/design/assistant/webapp.mdwn | |
parent | dcd208513d24c609719065c51eb176f6b0df3024 (diff) | |
parent | 08db0b9fa3cbf49d465479fabfab0c8f1b521b1c (diff) |
Merge branch 'master' into assistant
Conflicts:
Makefile
debian/copyright
Diffstat (limited to 'doc/design/assistant/webapp.mdwn')
-rw-r--r-- | doc/design/assistant/webapp.mdwn | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/doc/design/assistant/webapp.mdwn b/doc/design/assistant/webapp.mdwn index ddcc66153..82d180af2 100644 --- a/doc/design/assistant/webapp.mdwn +++ b/doc/design/assistant/webapp.mdwn @@ -1,27 +1,14 @@ The webapp is a web server that displays a shiny interface. -## security - -* Listen only to localhost. **done** -* Instruct the user's web browser to open an url that contains a secret - token. This guards against other users on the same system. **done** - (I would like to avoid passwords or other authentication methods, - it's your local system.) -* Don't pass the url with secret token directly to the web browser, - as that exposes it to `ps`. Instead, write a html file only the user can read, - that redirects to the webapp. **done** -* Alternative for Linux at least would be to write a small program using - GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding - needing authentication. - ## interface * list of files uploading and downloading **done** * button to open file browser on repo (`xdg-open $DIR`) **done** * progress bars for each file (see [[progressbars]]) * drag and drop to reorder -* cancel and pause -* keep it usable w/o javascript, and accessible to blind, etc +* cancel, pause, and resume **done** +* keep it usable w/o javascript **done** +* keep it accessible to blind, etc ## other features 
@@ -42,3 +29,17 @@ The webapp is a web server that displays a shiny interface. * record repository that was made, and use it next time run **done** * write a pid file, to prevent more than one first-start process running at once **done** + +## security **acceptable/done** + +* Listen only to localhost. **done** +* Instruct the user's web browser to open an url that contains a secret + token. This guards against other users on the same system. **done** + (I would like to avoid passwords or other authentication methods, + it's your local system.) +* Don't pass the url with secret token directly to the web browser, + as that exposes it to `ps`. Instead, write a html file only the user can read, + that redirects to the webapp. **done** +* Alternative for Linux at least would be to write a small program using + GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding + needing authentication. |
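Review bot: In the first hunk (@@ -1,27 +1,14 @@), the `## security` section is removed from directly under the introduction, so the page now opens with `## interface` and the access-control design (localhost-only listener, secret token in the url, user-readable redirect file) is found only at the end of the file. Those bullets are the whole authentication story for the webapp, so consider leaving a one-line pointer to the security section near the top. Separately, the new item `keep it accessible to blind, etc` has neither a status nor criteria; naming what counts as accessible would let it be marked done later.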
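Review bot: In the second hunk (@@ -42,3 +29,17 @@), the heading `## security **acceptable/done**` marks the whole section as finished, but the bullets leave unstated the properties that make it acceptable. The item `write a html file only the user can read` does not say that the file has to be created with restrictive permissions before the token is written into it, or when the file is removed. The secret-token item does not say how the token is generated or whether it stays in the url after the redirect. Suggest adding those details, and marking the GTK+ Webkit bullet explicitly as an optional alternative, since it is the only item under a done heading without a **done** marker.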