W3C home > Mailing lists > Public > www-svg@w3.org > November 2004

Re: SVG 1.2 Comment: B.2.3 Socket Connections

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 04 Nov 2004 13:14:50 -0600
Message-ID: <418A7FAA.7050907@mit.edu>
To: Thomas DeWeese <Thomas.DeWeese@Kodak.com>
CC: www-svg@w3.org

Thomas DeWeese wrote:
>    Why would you restrict ports if you restrict to the originating
> server?

Because webhosting is fairly common.  In that case you have many 
hostnames associated with a single server, and a different port may well 
correspond to a different entity (in the "person or organization" sense 
of entity).

> BTW you absolutely should not allow even HTTP requests to anything but
> the originating server from Script, otherwise they can browse
> a persons intranet

Of course.

>    Sorry, I totally disagree, this is still a very useful interface.
> Not everything on the web is or should be HTTP.  There are many
> cases where you want long lived connections with Bi-directional
> data.

I agree with this in principle.  I just don't see how it can be made to 
work semi-reliably in practice without being a major hassle to the user 
(having to manually white-list sites, etc).

-Boris
Received on Thursday, 4 November 2004 19:15:35 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 5 February 2014 07:14:52 UTC