[OSM-dev] detect running JOSM from web pages
Stephan Knauss
osm at stephans-server.de
Thu Jul 29 09:07:25 BST 2010
Jochen Topf wrote:
> On Thu, Jul 29, 2010 at 01:03:52AM +0200, Stephan Knauss wrote:
>> I extended JOSM RemoteControl to provide protocol version information.
> I don't like the idea that every web page can now find out whether I run
> JOSM and which version it is.
Thank you for pointing this out.
Actually various techniques exist to detect open ports. You can google
for JavaScript port scanners to get an idea how this works.
So by installing RemoteControl it is already possible (and was in the
past). I added this to the wiki, so people installing the plugin should
be aware.
As the plugin is not shipped by default I assume providing an external
interface is the reason people actually install it.
Providing a defined interface does not increase the risk.
You might have misunderstood the version information as well. It does
not report the version of JOSM. Not even the version of the plugin.
I did add a version to the interface. That's why it's called "protocol
version".
Using a versioned protocol it is possible to have additions to an
interface and keep existing applications functional.
Think of a web-page adding not only nodes but also ways. That might be
included in protocol 1.1. So the page can detect the capabilities of a
client and offer the extended functionality only to users having a
recent plugin.
As some might still not feel comfortable of web pages reading the
protocol version in addition to knowing of the open port I made the
plugin aware of the permission properties. Default behaviour is the same
as for existing actions.
Stephan
More information about the dev
mailing list