C 0000011 mmmv browser startup sequence t1

From commentsarchive
Jump to: navigation, search

C 1..100


Step 1

At console

    /path/to/browser/binary http://localhost:portnumber/some/path/index.php#randomly_generated_long_temporary_password


Step 2

The JavaScript code at the web browser side and the PHP code or code wrapped by the PHP code at the server side negotiate a new, longer, password/key and agree to consider the initial randomly_generated_long_temporary_password to be invalid. To reconnect to the server without the newly negotiated password/key, the server or at least part of the server, if it consist of multiple operating system processes, needs to be re-started. Web browser may store the newly negotiated password/key to the web browser database, where database instances are accessible according to site URLs/domains.


Notes

The motive for using such a startup scheme is to at least somewhat limit one operating system user from accessing a web browser based GUI of another operating system user of the same computer. A correct version to address that issue might be to use operating system firewall settings, but that option might not be always available, so the mmmv_browser_startup_sequence_t1 is a compromise solution that is better than nothing. The idea to use HTML ID-s as part of URLs at session start-up originates from the Lufi file sharing project. If the browser is a custom GUI application, then the randomly_generated_long_temporary_password might be given to the browser as a separate command line argument.