Sunday, April 21, 2013

Attention Rdbhost Clients



If you have an active JavaScript application relying on an Rdbhost.com account, you should consider upgrading your app to use the current libraries.

If you are using jquery.rdbhost.exdm.js from www.rdbhost.com, loaded by your app from our server, and you do not use the OpenID log-in methods, and you use a recent version of jQuery (>= 1.5), then you are probably OK as-is. Your app will load the current version, and all is well. Please check this week, and again next week, to verify correct behavior.

Otherwise, upgrade. Use either the current jquery.rdbhost.exdm.js from our server, or get the current version from our GitHub repository. Load it after a recent version of jQuery (version >= 1.5).

The compelling reason to upgrade is that server-side support for cookie processing is being dropped soon. The protocol included the ability to interpolate cookie values into queries, as a convenience to the programmer. Unfortunately, this makes it easy for clients to create Cross-Site Request Forgery (CSRF) vulnerabilities. So, to avoid this hazard, I re-coded the JavaScript module to handle cookies client-side. It now converts the cookie tokens into regular named parameters, and adds the cookie values to the named parameters hash. The server should never see cookie tokens in any query, and in a week or so, the server-side support will be dropped.
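A sketch of the client-side conversion described above, as an added example (it is not the code from jquery.rdbhost.exdm.js). The `%{name}` cookie-token syntax, the `%(name)s` named-parameter syntax, the `cookie_` prefix and all function names are assumptions made for illustration.

```javascript
// Added illustration. Assumed syntax (not from the page or Rdbhost docs):
//   cookie token: %{name}     named parameter: %(name)s
const COOKIE_TOKEN = /%\{([A-Za-z_][A-Za-z0-9_]*)\}/g;

// Parse a document.cookie-style string ("a=1; b=2") into a plain map.
function parseCookies(cookieString) {
  const jar = Object.create(null);
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    if (name) jar[name] = decodeURIComponent(part.slice(eq + 1).trim());
  }
  return jar;
}

// Rewrite each cookie token as a named parameter and copy the cookie value
// into the named-parameter hash, so the server only sees ordinary parameters.
function cookiesToNamedParams(query, namedParams, cookieString) {
  const jar = parseCookies(cookieString);
  const params = Object.assign({}, namedParams);
  const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  const q = query.replace(COOKIE_TOKEN, (match, name) => {
    if (!has(jar, name)) throw new Error('cookie not set: ' + name);
    const key = 'cookie_' + name;
    // A caller-supplied parameter must never be silently overwritten.
    if (has(namedParams, key)) {
      throw new Error('named parameter collides with cookie: ' + key);
    }
    params[key] = jar[name];
    return '%(' + key + ')s';
  });
  return { q: q, namedParams: params };
}

// Final check before sending: refuse any query that still carries a token.
function assertNoCookieTokens(query) {
  if (new RegExp(COOKIE_TOKEN.source).test(query)) {
    throw new Error('cookie token would reach the server');
  }
  return true;
}
```

In a browser the third argument would be `document.cookie`, which only script running on the page's own origin can read; a request forged from another site cannot supply the value itself.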

Other than this, there are numerous improvements. OpenID logins work better now, as a reliance on iframes has been removed. The Rdbhost jQuery plugin methods now return Deferred promises, as appropriate; this behavior is similar to current jQuery ajax behavior. You (the account owner) can now log in to your account via an API call.






