- From: Robin Berjon <robin.berjon@expway.fr>
- Date: Mon, 18 Aug 2003 20:04:57 +0200
- To: Bernhard Zwischenbrugger <bz@datenkueche.com>
- Cc: "www-svg@w3.org" <www-svg@w3.org>
Bernhard Zwischenbrugger wrote: > You can't compare the security model of desktop applications with > web content. I agree, my point was about intention. > The user will turn this off and if it is not possible to turn it off > the user will not use it. > It is the same problem as with outlook. People click to executable > attachments,... So lets think about ways in which things could be secure without the limitations available today. >>That certainly resulted >>in a massive amount of extra requests being sent there, with no discernible > > Favicon for normal isn't a script and there is max. ONE connection per HTML > Page. Times many people doing that on sites that get several million pages served a day mean a *lot* of request :) > It's more serverside programming and less client side programming. No, it's more total (client+server) programming. You do about as much server programming as you would do client, plus what is needed to convert that to HTTP messages, plus the part on the client to convert those HTTP messages to something useful, plus the buffering and polling code to emulate push protocols. Connecting only to same host (but on any port) would, it seems, solve a good number of those issues and make server-side programming a one-off (just provide the proper proxy). What do you think? -- Robin Berjon <robin.berjon@expway.fr> Research Engineer, Expway http://expway.fr/ 7FC0 6F5F D864 EFB8 08CE 8E74 58E6 D5DB 4889 2488
Received on Monday, 18 August 2003 14:05:04 UTC