views:

107

answers:

2

I want to write a browser based app that retrieves data from multiple websites and posts it to my server app. What are the best options to do this?

The most straightforward approach would certainly be to have the server app retrieve the data, but that's not possible for copyright reasons. In my case individual users do have the right to access the data but my server app doesn't. So the request has to originate from the user's machine.

This is not a scheme to circumvent copyright law as the data is never published. It's made available to authorized users only. The problem is simply how to use a web app as an extension of the users's desktop.

It would be a trivial and legal thing to do with a desktop app, but I don't want to force users to download and install software. So my question is if anyone knows how this can be achieved with browser extensions, silverlight, flash, etc and what the limitations of each approach would be.

Thanks in advance for your help

+1  A: 

Nope. You may say it's non-malicious, but the target site has no way to know that; if you could do it, any hacker could.

Unless you can persuade your target sites to let you in by having their own script set 'window.domain', or you can get away with exploiting a security hole they've left in their site, cross-site scripting is not possible, for good reason.

bobince
I don't understand who is supposed to be protected by this limitation. The target site can be accessed via any desktop app, malicious or not, but it cannot be accessed via a web app. That doesn't make sense to me.
fgg
A desktop app is *much* more privileged than a web site. They can happily nick your account details, log into your bank and steal all your money... not something you would want any random web page you visit to be able to do.
bobince
Not sure what this has to do with the issue at hand. It's not the user who gets to decide whether web app A can access web app B. The decision is left to web app B and that's not quite logical. It appears to be some kind of crude anti DOS attack provision.
fgg
+1  A: 

You can write a web scraper that do a user authentication and scrap the specific pages and post in others servers without problem. You can distribute this software to run in different desktops with different users as well.

VP
Sure, but that wouldn't be a browser based app. I want it to be legal and convenient for users.
fgg