Thomas DeWeese wrote: > Why would you restrict ports if you restrict to the originating > server? Because webhosting is fairly common. In that case you have many hostnames associated with a single server, and a different port may well correspond to a different entity (in the "person or organization" sense of entity). > BTW you absolutely should not allow even HTTP requests to anything but > the originating server from Script, otherwise they can browse > a persons intranet Of course. > Sorry, I totally disagree, this is still a very useful interface. > Not everything on the web is or should be HTTP. There are many > cases where you want long lived connections with Bi-directional > data. I agree with this in principle. I just don't see how it can be made to work semi-reliably in practice without being a major hassle to the user (having to manually white-list sites, etc). -BorisReceived on Thursday, 4 November 2004 19:15:35 UTC
This archive was generated by hypermail 2.3.1 : Wednesday, 5 February 2014 07:14:52 UTC