- From: Adrian Sutton <adrian.sutton@ephox.com>
- Date: Fri, 20 Jun 2008 15:31:20 +0100
(Frode, this is one of those lists where you have to hit reply all instead of just reply to send your response to the list. I'm assuming you meant for that, apologies if you'd meant it to be a private reply.)

On 20/06/2008 15:01, "Frode Børli" <frode at seria.no> wrote:

>> Actually, DNS servers, particularly for reverse DNS lookups, are out of the
>> control of a huge number of authors on the web. Shared hosting accounts for
>> instance don't have a unique reverse IP look up. There are also plenty of
>
> The reverse DNS spec specifically allows one IP address to have
> multiple reverse domains.

So how do you know which one to use?

>> people who don't control their DNS at all for whatever reason.
>
> 1. People that do not have control over the reverse lookup seldom have
> control over multiple servers and seldom require to distribute load
> like this.

I have a few shared hosting sites that I manage and a few servers with dedicated IPs but I still don't control the reverse DNS on any of them. Even if I only had one server, I might still want to provide an API that other people could use in their JavaScript - eg: to include headlines/content from my RSS feed.

> 3. Hosting providers will add tools allowing their customers to
> configure this security framework, if it is required - but again; if
> you are on a shared server you most likely will not need to connect to
> multiple servers. It will also usually suffice to have a proxy on the
> server (like many people do for XMLHttpRequests now).

My experience is that hosting providers can be extremely slow to add tools though it has improved lately.

My second thought is to wonder why DDOS is a concern for JavaScript cross site scripting compared to simply writing out (either directly from the ad server or from JS):

<img src="http://otherhost/whatever.jpg">

an awful lot and generating the same load on the server.

Regards,

Adrian Sutton.
______________________
Adrian Sutton, CTO
UK: +44 1 753 27 2229 US: +1 (650) 292 9659 x717
Ephox <http://www.ephox.com/>
Ephox Blogs <http://planet.ephox.com/>, Personal Blog <http://www.symphonious.net/>
Received on Friday, 20 June 2008 07:31:20 UTC