- From: Philipp Serafin <phil127@gmail.com>
- Date: Wed, 18 Jun 2008 23:26:37 +0200
> Still I do not believe it should have a specific protocol. I think a major problem with raw TCP connections is that they would be the nightmare of every administrator. If web pages could use every sort of homebrew protocol on all possible ports, how could you still sensibly configure a firewall without the danger of accidentally disabling mary sue grandmother's web application? Also keep in mind the issue list Ian brought up in the other mail. Things like URI based adressing and virtual hosting would not be possible with raw TCP. That would make this feature a lot less useable for authors that do not have full access over their server, like in shared hosting situations, for example. > [If a] protocol is decided on, and it is allowed to connect to any IP-address > - then DDOS attacks can still be performed: If one million web > browsers connect to any port on a single server, it does not matter > which protocol the client tries to communicate with. The server will > still have problems. Couldn't this already be done today, though? You can already today connect to an arbitrary server on an arbitrary port using forms, <img>, <script src=""> and all other references that cannot be cross-domain protected for backwards compatibillity reasons. The whole hotlinking issue is basically the result of that. How would WebSocket connections be more harmful than something like setInterval(function(){ var img = new Image(); img.src = "http://victim.example.com/" + generateLongRandomString(); }, 1000); for example would?
Received on Wednesday, 18 June 2008 14:26:37 UTC