Mozilla.org Releases Protozilla 155
An anonymous reader wrote in to tell us about Protozilla's release. "Protozilla enables Mozilla to execute any CGI program on the local disk directly, without passing it through an HTTP server." Its a strange little idea that could definitely simplify development.
When and why? (Score:1)
I am puzzled, aren't the developers aware that there are slightly more pressing matters to tie up than think up "tricks". I do not want to be appear harsh but I have come to think of this mozilla group as being a bunch of developers who imagine membership of the club is an end in itself. The only products released or discussed are tools to enable rapid development. Something they seem singularly unable of doing themselves. (gulp, I suspect I may be bitten for these thoughts)
Re:Philosophy (Score:1)
Re:Not a New Idea, but Not Widespread (Score:1)
Good isn't it. Just as virtually every other app on the Linux desktop is converging onto either the KDE or GNOME widget sets, Mozilla intoduces a new proprietary way to do things, totally seperate to anything else.
Now that's what I call forward thinking (NOT).
Hopefully Konqueror will continue to evolve to the point where Mozilla is irrelevant; and Galleon will do the same for the GNOME camp. Both projects have Email/Groupware clients that are superior to the "extra" bundled Mozilla features anyway.
Ok, so this is old news, and my bitching won't re-write history. But I've not voiced my thoughts about this in the internet before
Macka
Re:Keep It Simple, Stupid (Score:1)
It's time people realize that it makes no sense whining about the work other people do for free to provide software they want or need, and expect those people to work on something that matters less for them.
Re:Merely the tip of the development iceberg! (Score:1)
Any idea how extensible this is? (Score:1)
I've looked into Jini lately and that seems to be quite interesting. I just wondered, could this be a way to use Jini based services on net via browers. There aren't probably any yet, but plugging Jini -services to brower might by a killer. Jini might be one good technique for doing 2nd generation Internet services.. Services that are dynamic, not-flashy-html-www stuff which makes it real hard to actually USE the information on the net for anything else except human browsing.. Well this might be quite far feched, but I'd say that anyone who has thought these things might have some clue about what I'm talking about..
Re:So Mozilla is the center of the I/O universe? (Score:1)
And if that matters, it's trivial to split the connection management into a separate daemon.
Re:Can we say "feature bloat"? (Score:1)
> I'm annoyed by all the people that just whine;
> help out with something god damnit!
Why should we? Quite frankly you deserve a good roasting for taking what should have been an MS killer, then sitting on it and fiddling with the engine; adding bigger wheels, better spoilers, windscreen wipers, go faster stripes and fluffy dice
When you eventually ship V1.0, you'll deliver a product that will be the Open Source equivelant of MS Word. i.e. 10% of the features will be used 90% of the time. But that won't matter, because so many people will have settled on IE, or will be getting by with Konqueror, Gallion, or Opera that Mozilla will make little more than a plop, never mind a splash.
If this all sounds harsh, then it's meant to be, because I'm annoyed, and because I have a right to be. If I'd know it was going to take this long 2 years ago I'd have invested the time to learn C++ and chipped in
Macka
Re:How irrelevant and useless! (Score:1)
Re:Merely the tip of the development iceberg! (Score:1)
Doesn't it strike you that Mozilla is actually competing with the KDE & GNOME projects here? Tell me why this is a good thing?
Macka
Re: Mozilla .7 was still to bloated to run at home (Score:3)
There is a bug reported about JavaPlugin been loaded at statup. (bug 26516 [mozilla.org]). And there are people working on it.
There are people working on startup performance.
And there are many reports about performance in general that are beeing addressed (Performance problems [mozilla.org])
I hope someday Mozilla will be the Browser of our dreams. We can all help this to happen by reporting bugs, correcting them, or promoting Mozilla project.
Re:Keep It Simple, Stupid (Score:1)
They are ! If you'd read the article you would've seen it was being developed by mozdev, not by the Mozilla team.
As MKB says, I'm surprised I have to explain this. ;-)
Prior art: x-exec: (Score:1)
Anyhow, you can read all about it at http://www.cs.ubc.ca/doc/world/exec/intro [cs.ubc.ca].
Yes,we need rtsp:// napster://, freenet://, mojo:/ (Score:1)
Years ago, netscape had "all" the protocols:
ftp,http,gopher,and mail.
Now we have many streaming and file sharing protocols which are cludged into netscape somehow.
If mozilla fixed this and had protocol plugins, life would be great.
Re:security (Score:1)
Sure.
localcgi:/dos/format?c%3A [localcgi]
Re:Not just for local CGIs (Score:2)
Does it have to be only for development? Assuming it can be done safely, imagine using local CGI scripts as an alternative to local shell scripts. This becomes particularly relevant for your casual users, epsecially as a means of establishing Linux as an OS for the computer novice. Imagine J. Random User being able to use Mozilla as their program launcher -- everyone and their mothers've already learned how to more or less use web browsers.
And using the web browser as an interface is certainly not a new idea. Even before IE sprung up (and the infamous "The web browser is part of the OS" statement along with it), we had software packages like SATAN [fish.com] doing this back in early '95. And if we look at the web browser abstractly, as a mechanism that allows files to be selected, retrieved, and viewed, its origins can be traced back to products like Norton Commander.
Re:security (Score:1)
I think that is actually the whole point. If you can rm -rf so can any mischievous web page author over whose sorry ass^H^H^Hpage you might stumble. And that's a bad thing. This kind of security is about securing the client against the server, not the other way round. Thus "securing ports" or whatever is entirely irrelevant here. The only port to secure would be outgoing 80. And if you do that, you basically shut down any browsing...
Mozilla is dead. (Score:1)
anybody else scared? (Score:1)
ack!
________
Re:At first glance... (Score:1)
Cool! (Score:1)
-Moondog
Re:security (Score:1)
ActiveX (Score:1)
Seems that people that don't like ActiveX shouldn't be to happy with this new feature. But it has worked well in IE for 3 years.
Question about this. (Score:1)
Re:Great Idea! (Score:3)
Generally it's used to point ftp to a real FTP client (Interarchie being popular) and afs to an AFS client (Apple File Sharing.) However it can be used for about anything, including hooks to scripting languages (AppleScript, Python, TCL) using the built in Open Scripting support.
Open Source is great but it didn't come up with this one first.
Re:Internet Explorer can (Score:1)
well, I think it's a good idea, therefore it is. (Score:1)
Re:WOW! (Score:2)
Zontar The Mindless,
Re:Not just for local CGIs (Score:2)
Of course, it's a security nightmare as you couldn't tell where the file had come from. Perhaps the files could use some form of authentication. Hmm. Yes, for example, NT users could "sign" launching controls then, on a company based intranet, they could launch programs as required from any networked machine. In unix, it could be used to launch programs running suid the creater of the launch control.
Rich
Re:Not a New Idea, but Not Widespread (Score:2)
Zontar The Mindless,
Re:Not just for local CGIs (Score:2)
True, although the impression I got was that this framework would provide a nice helper app to do the magic for us. Furthermore, a CGI-based scheme would allow for easily porting apps from intranet use to local use and vice-versa. Finally, something that delves in to the realm of figuring out when to properly execute content that's trusted is something that I, personally, would feel less than comfortable writing. I would much prefer a system with some peer review.
security (Score:1)
---
Ryan Wilhelm
"Official" response to comments on Protozilla (Score:1)
To clear up some misconceptions, here's a response to some of the comments on Protozilla:
-Protozilla is not an "official" mozilla.org project. It is hosted at mozdev.org, as evident from the URL. (It is not the intent of Protozilla to delay the development of a viable Mozilla-based browser, which is proceeding at its own pace.)
-"Client-side CGI" is just one of Protozilla's features, and by no means the most important. As the name susggests, Protozilla is about implementing new protocols easily in Mozilla.
-Can the "client-side CGI" be used to maliciously access your local files etc.?
Protozilla is carefully designed to prevent this. The client-side CGI feature may only be used to execute files residing within the user's profile directory, which should be inaccessible to malicious web scripts. Furthermore, the request to execute the file is a special "restricted" URL which can only be loaded by the user typing it in in a special URL box (or from a privileged script). Unprivileged scripts downloaded from the web cannot load this URL. Nor can the URL be loaded by a "dumb" user clicking a malicious link on a web page. (Only executables which are specifically designated as implementing "public" protocols will be accessible to web page scripts through general-purpose URLs.)
However, any new functionality does open up the possibility of exploits and Protozilla is far from being fully tested/audited. So use it with care!
-Some posters on slashdot pointed out "prior art". These are useful to put Protozilla in context. Here are the links:
Pluggable protocol handlers in IE (http://msdn.microsoft.com/workshop/networking/plu ggable/overview/overview.asp)
Asynchronous pluggable protocols enable developers to create pluggable protocol handlers, MIME filters, and namespace handlers that work with Microsoft Internet Explorer 4.0 and later and a URL moniker.
W3M (http://www.gnu.org/brave-gnu-world/issue-16.en.ht ml)
A lot of browsers try to do everything in one program - W3M does exactly the opposite by calling external programs whenever possible. To make this easier it contains a "local CGI" mechanism that is capable of running CGI scripts locally without the help of a web server.
Jellybean (http://wgz.org/chromatic/jellybean.html)
Jellybean is a Perl Object Server with an HTTP interface, based upon an idea by Jon Udell.
MMM (http://pauillac.inria.fr/~rouaix/mmm/)
local CGIs [...] providing cheap and sophisticated MMM interfaces for applications.
Re:Internet Explorer can (Score:1)
Re:When and why? (Score:2)
Lots of people (particularly Netscape people) are already working on Mozilla's "pressing matters", and they are making huge strides.
And as others have pointed out, this isn't even an official mozilla.org project.
my first thought (Score:1)
Not really a new idea (Score:4)
Re:security (Score:2)
Re:CGI is dead (Score:1)
PHP is a fossil, a relic of the late-90's
As is C++ (flamebait!!)
Doh! (Score:1)
Re:Speaking of large things (Score:2)
Re:CGI is dead (Score:2)
Do you program at all?
PHP is a language.
"CGI" is NOT a language.
PHP on many virtual hosting environments is running in CGI mode.
Please put a bit more thought into the next post before a knee-jerk post like this. "PHP is great, CGI is bad!". It's not even apples v. oranges, because at least both of those are fruits.
Re:Ok, but don't expect big impact (Score:1)
Having said that I still question the value of this for testing, as someone else pointed out it if it doesnt mirror the server you are going to use then you still might have to make changes when you upload it.
I run apache with PHP,SSI,CGI support on my p133 40MB linux box and it works great so i'm not sure of the value of protozilla (especially given the resource requirements of mozilla!)
this sounds a little dangerous (Score:1)
What I'd like to see the mozilla team is to invent a browser that does not suck up all my system resources. I just want a browser. A simple browser that runs on UNIX / Linux. That handles html 4.0 as well as Java and JavaScript and can do netscape plugins, like real audio, mp3, midi, flash and wave files.
Mozilla .7 was still to bloated to run at home, after installing the jvm. Personally I think that the jvm that they are using sucks butt. It launches about 30 threads that just take up all my memory. Why????
I don't want a lot, I just want it all!
Flame away, I have a hose!
Re:security (Score:1)
Your wish [slashdot.org] might come true...
--
FALSE (Score:2)
secure dynamic content creation in the case of
multiple users. mod_perl, mod_php, etc, do not
permit security boundaries between the users.
Using the term "CGI" was a bad idea for them... (Score:2)
Although the mozilla people mention using it to test CGI programs locally, that seems probably the worst use of this technology. MUCH more interesting would be to tie in existing code (perl, javascript, etc) into one cohesive app, and run it *locally* with the mozilla app as the interface. No need for a net connection at all - you could write apps in Perl and distribute them to be used with a standalone Mozilla machine. Yes it could be done now if you're also shipping a webserver, but this is less to install and maintain.
Think standalone kiosks for starters. I was given a demo of a standalone kiosk system over a year ago (never got off the ground). The machine it came with was an NT box with VB Scripts, SQL server and some other stuff - huge $$$. Yes, you could replicate all of this with Apache/Mysql, etc. This just seems to make it even easier. Rather than treating the browser as just a client, it becomes more integrated - it becomes the app itself. Also, by using this IPC stuff, my Perl scripts can do one thing, my javascripts can do something else, and the mozilla frontend would tie it together (that's my impression, anyway).
I personally am becoming disenchanted with the whole mozilla thing - yes all this stuff is cool, but I think we all just wanted a decent browser about a year ago. Yes, keep developing and adding on, but a small, quick browser (with a netscape 4.7 compatibility toggle switch!) would have helped stave off the decline of this browser technology.
FALSE (Score:2)
Re:nice idea... (Score:1)
Re:Internet Explorer can (Score:2)
Re:Not just for local CGIs (Score:2)
--
Re:security (Score:2)
> ass^H^H^Hpage you might stumble. And that's a bad thing. This kind of security is about securing the client against the server, not the
> other way round.
Hence my statement, ``Although it would be even safer if anything that ran in this wise ran in rsh as `nobody'." On one hand, a malicious application could no nothing more than writhe around in
All of this are just some random thoughts about this ``new feature". After all, it's Sunday, & I should have better things to concern myself on this day of rest than computers.
Yet I hope that the folks responsible for this ``new feature" weigh the plusses & minuses carefully: if they can't make it work without emasculating it due to security concerns, then don't bother diddling with this.
The reason is this: there's this company up in Redmond, WA that is eager to deliver us all of this k-rad k3wl software, but because security puts a crimp in all of their 3l33t featurez, they don't consider security. It crimps their style. And as a resutl knowledgeable computer users hate them.
Geoff
Re:How irrelevant and useless! (Score:1)
Ok, it's somewhat cool, but how about making Linux Netscape take less memory, and not crash every twenty pages before adding these new features?
The PC is Dead, Long Live the PC (Score:1)
I've been waiting for something like this! (Score:1)
Being able to do it right inside the web browser is a great idea. Now, lets just hope it isn't as buggy as JavaScript!
DON'T CLICK THAT LINK! (Score:1)
Sites REQUIRE java if run by fools. (Score:1)
It is foolish to write a site that depends on java. That mistake is right up there with using Microsoft tools that only display properly on Microsoft browsers. (Unless you're Microsoft, of course. For them it's good marketing.)
One big reason is that a significant fraction of the potential audience browses with java and javascript disabled due to concern over security flaws. (Given that there's a netscape hole that lets a hostile site set up a server on YOUR machine to publish every file you can read, AND notify the hostile site that this is up and running, it's a reasonable concern. B-) )
So if you want a web site to reach the max audience, either forget java or provide a non-java alternate functionality.
CGI runs on the server, so you only depend on the client browser's ability to display.
Re:It is a nice idea. (Score:1)
Now personally, is this Mozilla idea a good one? Probably not, only a serious developer would need this, and a serious developer already has a webserver on their LAN. And if you are worried about being on the road, make the web server accessible via SSL and some type of login method. If you don't wanna do that, put apache on your web server. On my pentium 75 laptop, with 16 megs of ram, it only takes
Ohh wait, are you complaining that a web server is too hard to setup with ssl?
cd
cd
damn, that was too much effort.
not mozilla.org - mozdev.org! (Score:4)
not a mozilla.org release (Score:1)
Re:client-side CGI defeats the purpose, damn idiot (Score:1)
So Mozilla is the center of the I/O universe? (Score:4)
We're seeing the same old and discredited mistakes of yesteryear repeated here. Yes, this makes Mozilla vastly more powerful, and it is easy to see how its developers would appreciate such a facility for experimental purposes, but for the end user it is the wrong approach. Architecturally, it is the wrong design, and pragmatically it's the wrong thing to do as well: when Mozilla crashes, you do not want a pile of network services to go down with it.
Yes, I know it's advertised primarily as a hook for experimentation in protocols, but if any real service is ever delivered over it then we all lose.
Re:Can we say "feature bloat"? (Score:3)
I think this represents one of the few flaws in the Open Source philosophy. Because developers are working on their own time, they work on whatever suits their fancy. More often than not, this involves some great new feature that's completely unnecessary, but rates high on the "cool-factor". So the things that really need to get done are delayed.
Netscape's programmers are paid to work on Mozilla. I would guess about 80-90% of the Mozilla development team is Netscape employees. So in other words, yes, Mozilla is open source but it is most definitely not a volunteer project. And I can tell you've never visited the bugzilla site, because bugs that interfere with functionality (crashing on startup, etc) always get highest priority and are usually the ones to get fixed first.
I agree with you in that the bloat is excessive, but it's really beyond anyone's control at this point. I can only hope that they continue with the bug fixes long after 1.0 and make it the best damn browser suite they can.
Based on the history of the project, I believe it can be done.
Merely the tip of the development iceberg! (Score:2)
While many readers have taken pains to point out that this is really a mozdev project, and others have opined that this is great or just a yawn, we may have missed the overall point here..
Since mozilla's architechture is open and documentated, we are begininng to see more and more projects (been to mozdev lately?) that are extending the traditional "web browser" into something we cannot even fully comprehend yet.
Mozilla itself may not be ready for prime time, but the *concept* of a stable base on which to build other nifty tools is.. well.. like LINUX itself.
Way to go mozilla team. Hopefully next year, we wont have to have these "its too bloated" and "no its not, its our savior" arguments anymore - we can just sit and surf like we should.
..Brent
"We should not enthrone ignorance simply because there is so much of it."
Re:nice idea... (Score:1)
Oh no ! Another feature ! (Score:1)
Oh goodie...... (Score:1)
Re:Sites REQUIRE java if run by fools. (Score:1)
Wrong (Score:3)
Can we say "feature bloat"? (Score:2)
I think this represents one of the few flaws in the Open Source philosophy. Because developers are working on their own time, they work on whatever suits their fancy. More often than not, this involves some great new feature that's completely unnecessary, but rates high on the "cool-factor". So the things that really need to get done are delayed.
This happens in a lot of volunteer organizations. In one organization that I belong to, we rotate cooking a meal before the meeting. We can generally find someone to cook, but it's very difficult to get people to clean. Why? Because cooking is a kind of "glory" job; if you do it right, you'll get compliments and thanks. Cleaning, on the other hand, is just as necessary, but people that do the cleaning aren't noticed or thanked.
So, in closing, I'd like to thank all of the under-appreciated people who make Mozilla a _browser_. And I'd like to tell all of the people who are busy bloating the hell out of it before it even gets out of beta to STOP killing a great product. If you really want to help, work on the rendering code, or the Javascript interpreter. Heck, just use the browser and submit bug reports so that they're found and fixed faster. Just stop killing on of the few alternative browsers that are available.
Good idea... (Score:2)
Re:Not just for local CGIs (Score:2)
Actually, in mozilla, that's built in. Try finger:raduffy@idsoftware.com [finger]
--
How this article should have read: (Score:2)
An anonymous reader wrote in to tell us about Protozilla's first alpha release. "Protozilla enables Mozilla to execute any CGI program on the local disk directly, without passing it through an HTTP server. It also allows stateless interprocess communication, the use of external programs as protocol handlers (telnet, ping, etc.), and the use of local-only pseudo-URLs (similar to about:)." This is a project by independent developers unconnected to the Mozilla browser effort that adds a lot of neat functionality.
Re:FALSE? (Score:2)
And as much as everyone rags on Java speed, Servlets are far and away faster than CGI.
w3m does this already! (Score:2)
FALSE? (Score:2)
- CGI, under UNIX, is the best method of allowing secure dynamic content creation in the case of multiple users. mod_perl, mod_php, etc, do not permit security boundaries between the users.
I don't understand this. As far as I know, CGI scripts all run as the same user the web server is running as. Why is that more secure than PHP? More specifically, how can you claim that this puts some kind of "security boundaries between users."I suppose you could run the HTTPd as root and use the HTTP Basic Authentication info to su, but then you're running your web server as root, which is considerably less secure than running it as an unprivileged user.
Re:nice idea... (Score:2)
So the parent is misinformative.
Re:It is a nice idea. (Score:2)
If you want to see what CGI really means and what is CGI and what is not CGI, please refer to the CGI spec [uiuc.edu]. CGI refers to an interface that requires a set of environment variables to be set, passes in POST and PUT information via stdin, and returns HTTP response results on stdout.
This allows almost any language to be used to write CGI programs (C, perl, tcl, bash, whatever you want). But it doesn't imply that every interface to the HTTP protocol is CGI.
Re:Internet Explorer can (Score:2)
- it can run ASP, do all sorts of database stuff, etc, locally without needing a real web server.
But... but... if you're doing ASP programming, you're already not running a real web server!(Unless you're running Halcyon's Java-based ASP engine under Apache Tomcat, but that's just the first step on a road to madness.)
Not a New Idea, but Not Widespread (Score:3)
Jon Udell [roninhouse.com] had a similar idea at least two years ago (see his book, Practical Internet Groupware).
There are plenty of programs out there that can work well with just an HTML+JavaScript interface, especially if you have a small database (even a DB_File!) on your machine, and an interpreter for a scripting language like Perl or Python.
I'm curious to see whether it does anything more than Jellybean [wgz.org] can... there's something compelling about a tiny local web server with the power of mod_perl and a simple interface that lets you build persistent, network aware applications that can replicate data between clients. With XPCOM, it's certainly possible to write a nicer interface than one that only has HTML Form widgets and some onClick handlers.
--
Re:nice idea... (Score:2)
Re:this sounds a little dangerous (Score:2)
You do?? Shit, I don't think netscape/aol got word of this, I'll get on the horn to them right away. I'll say, "damn it, josepha48 just wants a browser, what are you guys doing!!"
Netscape does not follow the average hacker's agenda or requirements. It has a design, that includes a mail client, composer, etc, and thats what they make. Does it matter that the mozilla includes these things? If you dont like them, dont use them. It's not as though the mail client is resident in memory if you're not using it, just the browser is. If you're going to argue that they are wasting development effort on the other things, thats wrong too, because they have plenty of people working on each component. If everyone at netscape was working on just the browser, jack shit would get done.
As for the plugins, Edit, Preferences, Navigator, Helper Applications. Configure your normal apps for those things. Additionally, the Netscape 4.x flash plugin works under mozilla. Just copy it to the plugins/ directory.
(I'm not blind to mozilla's performance woes, however. But blame that on lack of usage of native widgetry, and usage of XUL.)
--
nice idea... (Score:2)
mod_php, mod_perl, mod_python, zope, roxen,
greetings, eMBee.
--
Excellent idea. (Score:2)
It doesnt seem to be in Mozilla yet, after reading the article, and tinkering with my new build, but still a wonderful idea. But how can it interact with other files that need to be on the server that you dont have? And what if you dont use absolute URLs? Im curious to see how it handles stuff like this.
Mozilla is really getting stable, I know some peoples opinions of Mozilla are tarnished, but seriously, give it a try, its come a long way in the past 6 months, I havnt used anything else in months. And please dont compare the current Mozilla tree to Netscape6, They are not the same thing. Netscape took Mozilla M18 (which is old nowadays) and messed up a very decent product. Try out the nightlies, then if you want to flame it, your at least qualified to do so.
And lets not forget that Mozilla 0.8 is supposed to be released the first week of Febuary, 1.0 is expected as early as Mid-April. We're almost there!!
Re:security (Score:2)
Well, you know that if some other big company introduced it as a feature for their browser, everyone would be all over it in a heartbeat. Can you say "format c:"?
Fortunately, it is something that you have to actively seek out. It is not pre-packaged.
And you would suppose that developers would be up to speed on security and protection vs hackers and kiddies and industrial espionage
It is likely not to be broadly used by the public at large. Not until someone includes it in the public version of their browser.
Maybe MS will include it in the next version of their browser. One could only hope?
How irrelevant and useless! (Score:2)
And how well will you be testing your CGI, if you're not running it in the same (apache/thttpd/whatever) environment as the real server? You'll probably end up wasting more time modifying your code after the fact than it would take to set up a local web server!
Wow, I must be in a bad mood today.
Not just for local CGIs (Score:4)
For those afraid of the security issues associated with running CGI scripts locally -- this is a development tool only. In order for a script kiddie to misuse this, (s)he'll have to send your the CGI script in the mail, and tell you to run it for him :). Unless you're running Outlook, you're ok ;).
----------
Re:client-side CGI defeats the purpose, damn idiot (Score:2)
//rdj
Re:HotJava (Score:2)
--
Re:It is a nice idea. (Score:2)
Correct.
All web languages use CGI, java, mod_perl, mod_python, everything.
Incorrect. There exist several other interfaces to use for dynamic content generation. ISAPI, NSAPI, and fastCGI are all faster alternatives.
When you put text in a textbox, and hit submit, thats normally CGI.
OK, you're quite some way from the truth now. When you put text in a text box and hit submit, you are performing a HTTP GET or HTTP POST. Whether the web server then uses CGI or fastCGI to interface with an out of process executable, or one of the many ways of dealing with the request in-process, has nothing to do with your form.
(unless the form uses mail, or whatnot).
You've finally lost me there. Could you explain how a form can "use mail". Surely you aren't talking about hyperlinks to mailto: URLs, which have nothing to o with forms?
mozilla.org did not release Protozila (Score:5)
From the mozdev front page:
While this project is not being developed (or released for that matter) from within mozilla.org itself, it and other projects at mozdev demonstrate how mozilla technologies can be used and extended and how the community of mozilla developers has and continues to expand "beyond the browser".
--Asa
Re:FALSE? (Score:2)
CGIwrap, Apache's suexec, etc support this via setuid binaries. Zeus has some sort of CGI spawning daemon. The webserver itself need not and should not run as root. One or the other method should work for almost any webserver which runs on UNIX.
Re:security (Score:4)
Interesting point, now that I have thought thru your question, & read the source page. What they wrote at Mozilla is:
> Protozilla is a browser add-on that makes it very easy to implement protocols in Mozilla (or Netscape 6.x). It is not a
> traditional browser plugin, but may be described as a "socket adapter", like the kind that you may carry around with your
> laptop when you travel internationally.
In other words, an ability to handle protocols like SMTP & NNTP akin to the ability of specifying helper-applications to handle MIME types. (And if this works with the Gecko rendering engine, you can specify your own choice of MTA or newsreader when you hit the link that requires that protocol, instead of being forced to d/l the whole bloated mass of Netscape!)
And if the admin for the workstation running the browser has done a proper job securing the ports, then there should be no new security issues.
My assumption -- & someone who knows more, correct me if this is wrong -- is that the browser add-in, being a daughter process, would inherit the environment the parent process has -- & ultimately that of the user. So unless you are doing something stupid like running your workstation as ``root" or ``Admin" this won't do anything to your computer worse than you can do in a non-privileged account. In other words, if *you* can't ``rm -rf *" & lose more than a few files, then neither can the enabled protocol.
(Although it would be even safer if anything that ran in this wise ran in rsh as ``nobody".)
However, I doubt anyone truly knows how security & environment variables are handled under NT4.0/Win2000, so maybe we do have another exploit waiting to happen in certain cases. Wouldn't be the first time MS coding practices proved injurous.
Geoff
Great Idea (Score:4)
Burris
Re:security (Score:2)
(secure Linux, here we come!)
`ø,,ø!
Re:nice idea... (Score:3)
without CGI, no PHP (Score:2)
But you should see CGI as a low-level protocol (the Common Gateway Interface) for transferring data, not as "a webscripting environment for Perl".
And you should (definitely) see PHP as a high-level language using the CGI protocol internally (to transfer form data, mostly).
I guess it's valid to compare the difference between PHP and plain CGI to the difference between Bonobo and plain CORBA (for as far as I know Bonobo, this seems quite a useful comparision).
It's... It's...
Not Mozilla... but mozdev.. still awesome. (Score:2)
Protozilla is great stuff. There is some really cool stuff you can do. For example you can write javascript or a bash script within Mozilla to do crazy stuff.
I created a cups:// protocol for the Common Unix Printing System. Basically since cups runs on a non-standard port I can just do a :
cups://localhost
which is cleaner IMO.
There are some significant security concepts here. Your web application could use XPCOM and XSLT to build a full web application BUT use different users to request subsets of the same content.
For example... My primary psuedonym could request the first part of my document (cars) then on the second part it could request contra-band like DeCSS et al. This without having my car psuedonym exposed.
Good stuff. Here comes the semantic web!
Great for file sharing. (Score:2)
Internet Explorer can (Score:4)