[whatwg] General TCP connections API?

On Thu, 26 May 2005 21:30:18 +0100, Charles Iliya Krempeaux  
<supercanadian at gmail.com> wrote:

>> To have your own connections you'd have to use other port than 80 and  
>> that may be disallowed on many restricted systems.
>
> Could you please elaborate on this.

Clients that have many blocked ports on firewall - for example to block  
P2P inside school networks.

>> If user navigates to the next page, browser will destroy your JS objects
>> and close their connections.

> I don't really see this as a problem.  A web application would be "one
> page" (with possibly other pages embedded in it).

You're right.

>> Even if connections are limited to the same host, you couldn't safely
>> serve anything else on it. Spammers might use numerous HTML-injection
>> techniques to send spam using other people's computers, and this may get
>> much worse if host restriction fails.

> Could you please elaborate on this.

Let's say there's website
example.com/page.php?name=John
that prints
Hello "John"!

On your website, if you create iframe with URL:
example.com/page.php?name=<script>connectPort(25).send("HELO...SPAM...SPAM");</script>

every visitor will send spam using example.com server.


On a second thought this may be prevented by forcing some special  
handshake or transport protocol for custom connections...
but then this feature becomes just alternative HTTP + XML RPC that only  
offers smaller lag for price of increased complexity and worse  
browser/server support. Is it worth it?

-- 
regards, Kornel Lesinski

Received on Thursday, 26 May 2005 14:38:33 UTC