W3C home > Mailing lists > Public > www-svg@w3.org > November 2004

Re: SVG 1.2 Comment: B.2.3 Socket Connections

From: Jim Ley <jim@jibbering.com>
Date: Thu, 4 Nov 2004 21:39:03 -0000
To: www-svg@w3.org
Message-ID: <cme7i6$7dq$1@sea.gmane.org>


"Boris Zbarsky" <bzbarsky@MIT.EDU> wrote in message 
news:418A80D9.6000906@mit.edu...

> Of course. You have to block both access to random ports and access to any 
> host but the originating one...

You always have to block random hosts - Mozilla is currently the only 
browser to provide by default (and last I looked non-disablable) access to 
non-originating hosts via javascript http requests.  That is a much larger 
security problem than accessing ports other than the originating one on the 
same host.  Something that other user agents more than deal with.

> Which radically reduces utility,  unfortunately  :(.

There's no utility problem here  - whilst it makes fun things like IRC 
clients harder, that's right - what it allows though is server pushed data 
in an efficient mechanism, I spend an awful lot of my time, and I know of an 
awful lot of resources that go to streaming data down to a client - the 
stock ticker being the most obvious use case - currently this is generally 
implemented with a kept open HTTP connection that gets script written to it 
occasionally, obviously this is extremely inefficient, knocking out 50% of 
connections simply to provide a stock price every 5 minutes, is simply 
inefficient, and something none-of-us put up with, we only want to talk back 
to the originating server, it's not a problem.

Jim. 
Received on Thursday, 4 November 2004 21:39:22 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 5 February 2014 07:14:52 UTC