Topic: Secure Widgets

I want to make a 'secure' widget.
For example, I run several php based online retail stores.
I would like to have my chumby report store status data.
Date would be things like, number of shoppers in the store in the last hours, gross sales in the last hour/day/week/month.
Some simple sales reports, maybe a database status.
I have all these tools built in php already. Changing the output to xml format the chumby can read is the easy part.

What I"m wondering about... is it possible to get the chumby id, and authenticate it.
I'm thinking the chumby id would have to be entered in my store php file. And also a username and password would be used (as this can be changed easily while the chumby id could not).
So the chumby will sent the info to the store to be authenticated before the store will give up it's data. This way not just any chumby can get my store data.

Can the chumby retreive data over https? Can it send it's own id and other name value pairs as a post command?

If so, I will update my self on flash (haven't touched it since 3.0).

But if this isn't possible then the question is... when will it be possible?

If this is possible I will make the php files available..  the php files set up for connecting an oscommerce store, and also the flash widget for the chumby.

Re: Secure Widgets

The alpha prototypes do not support HTTPS from Flash, however, the production units do.  You can do anything that the XML class supports in the normal Flash regarding POST, etc.

While the widget does not get the ID of the chumby, it *does* get a unique ID for the particular widget running in a particular channel.

3 (edited by kayakbabe 2007-07-16 14:22:26)

Re: Secure Widgets

How will I be able to obtain this unique ID so I can enter it into my application? From a display within the chumby?

Being able to obtain/pass the chumby id would be a really really wonderful thing for people who want to build secure/private information sources like I do.

I can think of hundreds of applications like mine where it would be very useful to have security combined with the chumby. If it can work I know I'll be buying at least 5 chumby's just for my business. I'll also share the application code wtih other oscommerce store owners so they can also use it themselves.

However I only want my own users to use the php scripts on my website.
So the url of the php application for the store will have to be entered into the widget configuration too? (is that correct).
I'm pretty sure I remember being able to do this with flash (a long time ago).

I guess that was two questoins not just one ;-)

Re: Secure Widgets

The ID is passed to the widget - it's on your main timeline in the variable "_chumby_widget_instance_id" when your widget starts up.

Re: Secure Widgets

If I'm running the flash as opening.swf from the usb, I get a value of undefined for both _chumby_chumby_name and _chumby_widget_instance_id

I saw an announcement where you were going to make it possible to have a usb dongle based widget mixed in with the normal channel widgets. I WOULD REALLY LIKE THIS!!!! Please put this in a very soon firmware update. This would be so awesome. I don't want to share my proprietry store data or server data, yet I do want it via an ambient display device like the chumby. This would solve a ton of issues with security and possible other problems. Please make this happen soon! It seems like an excellent workaround for security issues related to hosting widgets... and also means that chumby.com doesn't have to host widgets that will only get used by a very few people.

Re: Secure Widgets

Well, if you're running a local movie using the hack for opening.swf, then it would not have this info because it comes from the server.

Note also that the chumby name is *not* globally unique - just unique per user.  The widget instance ID, however, is globally unique, but applies *only* to widgets served from our server, since the ID is a key assigned by our database.