[alicebot-archcomm] RE: Javascript HTML client instead of Template/Filter?

[Christopher Fahey [askrom]]

I wrote:
> In any case, I remember a while ago there was some initiative 
> to update ProgramD's template/filter structure - to enable 
> users to build their own templates and filters at will. 

I just realized that there is an interesting performance/security
dimension to this: anyone could add my bot to their site by simply
linking to my bot's URL. I wonder if there's a way to make sure that
only authorized requests are allowed, so that you don't have a thousand
people 'mooching' off of a single bot brain in this way. Even now,
there's nothing to stop you from writing some code to send requests to
my botserver
(http://graphpaper.dns2go.com:2001/CHAT?flash=true&text=hello), then to
parse the wacky flash-template output to build your own client's
display. It would be nice if we could make sure that only clients from
my site are able to access my server. This is not an issue with the
current HTML implementation since the resulting HTML page can have the
botmaster's own logo and artwork in it, making any rip-offs rather
obvious.

At least the Flash client has this kind of security built in to the
client - the client will not load data from any server except the one on
which the SWF resides - so your flash client cannot possibly use my
Alice server. The trick, though, is to figure out how to make it so that
the server will only accept input from a particular client. I fear this
problem may be unsolvable.

-Cf

[christopher eli fahey]
art: http://www.graphpaper.com
science: http://www.askrom.com