- From: Philipp Serafin <phil127@gmail.com>
- Date: Thu, 19 Jun 2008 03:15:51 +0200

On Thu, Jun 19, 2008 at 12:46 AM, Frode Børli <frode at seria.no> wrote:

> Web pages should only be allowed to access other servers when the
> script has been digitally signed, and when the user has agreed to
> giving the script elevated privileges - or there should be a
> certificate on the origin server which is checked against DNS records
> for each server that the script attempts to connect to.

What prevents a malicious site from simply getting their own certificate?

As for user prompts, I think we have seen how well that works with IE's ActiveX controls. I fear malicious sites would just put up a "Click 'yes' in the next dialog to continue" message, and we're back to square one.

DNS records sound like a good idea though.

> So what we want is a http based protocol which allows the client to
> continue communicating with the script that handles the initial
> request.

I absolutely agree that this would be the best way. However, couldn't we use Michael's proposal for that? It seems to solve the same problems and is actually compliant HTTP (in theory at least).

I find the SessionID header a very good idea though. What are the thoughts on that?

I'm sorry if that has already been discussed, but if we use HTTP, why can't we use the Access Control spec as an "opt in mechanism" that is a little easier to implement than DNS? If you modify the behaviour a little, you could even use it against DDOS attacks:

"Counter suggestion":

When a WebSocket object attempts to connect, perform Access Control checks the way you would for POST requests.

If the check fails and if the server response contains an Access-Control-Max-Age header, agents must immediately close the connection and must not open a connection to that resource again (or, if Access-Control-Policy-Path is present, to any resource specified) until the specified time has elapsed.

That way, administrators that are hit by a DDOS can simply put

    Access-Control: allow <*> exclude <evilsite.example.com>
    Access-Control-Max-Age: 86400
    Access-Control-Policy-Path: /

in their server headers and the stream should relatively quickly slow down to a trickle.

What do you think?

With best regards,
Philipp Serafin
Received on Wednesday, 18 June 2008 18:15:51 UTC
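
The user-agent behaviour in the counter-suggestion above, as an added example that is not part of the original message or of any specification. The names `parseAccessControl`, `originPermitted` and `ConnectionGate` are hypothetical, the parser handles only the header form quoted in the mail, and remembering refusals per requesting origin is an assumption about how an agent would scope the back-off.

```javascript
// Added illustration of the counter-suggestion; not code from any spec or browser.
// Simplified parser for the 2008-draft header form quoted in the mail:
//   Access-Control: allow <*> exclude <evilsite.example.com>
function parseAccessControl(value) {
  const rules = { allow: [], exclude: [] };
  let current = null;
  for (const token of value.trim().split(/\s+/)) {
    if (token === "allow" || token === "exclude") current = token;
    else if (current && /^<.*>$/.test(token)) rules[current].push(token.slice(1, -1));
  }
  return rules;
}

// Assumption: only "*" and exact host names are matched (no partial wildcards).
function originPermitted(rules, originHost) {
  const hit = (list) => list.some((p) => p === "*" || p === originHost);
  return hit(rules.allow) && !hit(rules.exclude);
}

// Hypothetical user-agent state: refusals remembered per origin and path prefix.
class ConnectionGate {
  constructor() { this.blocks = []; } // entries: { origin, prefix, until }

  // Consulted before any network traffic is sent.
  mayConnect(originHost, path, now) {
    this.blocks = this.blocks.filter((b) => b.until > now); // drop expired entries
    return !this.blocks.some((b) => b.origin === originHost && path.startsWith(b.prefix));
  }

  // Called with the server's response headers to the connection attempt.
  // Returns "open", "closed" (failed, no back-off) or "blocked" (failed, back-off stored).
  handleResponse(originHost, path, headers, now) {
    const rules = parseAccessControl(headers["Access-Control"] || "");
    if (originPermitted(rules, originHost)) return "open";
    const maxAge = Number(headers["Access-Control-Max-Age"]);
    if (!Number.isFinite(maxAge) || maxAge <= 0) return "closed";
    // Access-Control-Policy-Path widens the block from one resource to a path prefix.
    const prefix = headers["Access-Control-Policy-Path"] || path;
    this.blocks.push({ origin: originHost, prefix, until: now + maxAge * 1000 });
    return "blocked";
  }
}

// Constructed sample: the three headers from the mail.
const SAMPLE_HEADERS = {
  "Access-Control": "allow <*> exclude <evilsite.example.com>",
  "Access-Control-Max-Age": "86400",
  "Access-Control-Policy-Path": "/",
};
```

A missing `Access-Control` header parses to empty rules and therefore fails the check, which matches the opt-in reading of the proposal; without `Access-Control-Max-Age` the agent closes the connection but stores no back-off.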