
Re: [www-svg] network

From: Bernhard Zwischenbrugger <bz@datenkueche.com>
Date: Mon, 18 Aug 2003 19:48:39 +0200
Message-ID: <1061228919.3f411177ef1be@webmail.datenkueche.com>
To: "www-svg@w3.org" <www-svg@w3.org>

Hi

> The security issue here is that you can connect to stuff protected behind a
> firewall. If you request user acceptance, then it's pretty much an education
> problem.

The user *will* accept because nobody reads the message.

> 
>    perl -MHTTP::GHTTP -e 'get("http://foo.com/") and print "." while 1'
> 

I have the same hobby ;-)

You can't compare the security model of desktop applications with
web content.


> The users would have to accept the connection. 

The user will turn this off and if it is not possible to turn it off
the user will not use it.
It is the same problem as with Outlook. People click on executable
attachments, ...

> 
> Besides, I remember that when Microsoft released the version of IE that
> implemented favicon, a *lot* of web server admins that ran sites in the
> multi-million hits per day range that were angry with their error logs
> suddenly piling up massive amounts of 404s (occasionally triggering pagers
> in the middle of the night) made their servers redirect requests for
> favicon.ico to http://microsoft.com/PleaseFixYourBloodyBrokenBrowser/.
> That certainly resulted in a massive amount of extra requests being sent
> there, with no discernible

Favicon normally isn't a script and there is max. ONE connection per HTML
page.

> done in many browsers just by changing the location.href of a 1x1px image or
> iframe. Again, SVG would introduce nothing new here.

With postURL it is possible to make asynchronous connections and drop the result.
You can send 50 (or more) requests/second to a CGI.
That's new!!!!


> 
> > If the network connection is restricted you can write server based
> > applications that do all these network protocols and communicate over an
> > XML protocol with the client.
> 
> Yes, but that's much less useful.
> 

It's more serverside programming and less client side programming.

Bernhard
http://datenkueche.com

Received on Monday, 18 August 2003 13:48:51 GMT
