[whatwg] web-apps - TCPConnection

On Mon, 17 Oct 2005, Michael Gratton wrote:
>
> On Mon, 2005-10-17 at 05:27 +0000, Ian Hickson wrote:
> > It's not intended to use port 80 only; where does it say that? That's 
> > an error. It is intended to be usable on ports 80, 443, and anything 
> > greater than 1024. (80 and 443 to attempt to tunnel out of psychotic 
> > firewalls, [...])
> 
> ObFirewallsExistForAReasonRant: But then you are trying to subvert the 
> entire point of the firewall in the first place, which is just going to 
> annoy network admins. If they don't already have a proxy in place they 
> will put one in pretty quick. XML-RPC and SOAP constitute similar 
> annoyances.

Even if they do, since this protocol supports being carried over SSL and 
since it supports being sent over port 443, you can still get out. :-)

What reason is there to prevent Web pages from making out-going 
TCPConnections, if they are allowed to make outgoing HTTP connections, 
given that you can always, if you try hard enough, implement one by using 
the other?


> I would suggest the spec should just require all connections be made on 
> ports above 1024. It will make it clear to people behind a firewall that 
> they will need to get a hole made to use the web app and avoids the 
> problem with transparent proxies.

This would basically kill this feature, since Web sites wouldn't use 
something that they can't guarentee will be able to get out.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Wednesday, 26 October 2005 11:12:21 UTC