- From: Jim Ley <jim@jibbering.com>
- Date: Thu, 4 Nov 2004 21:39:03 -0000
- To: www-svg@w3.org
"Boris Zbarsky" <bzbarsky@MIT.EDU> wrote in message news:418A80D9.6000906@mit.edu... > Of course. You have to block both access to random ports and access to any > host but the originating one... You always have to block random hosts - Mozilla is currently the only browser to provide by default (and last I looked non-disablable) access to non-originating hosts via javascript http requests. That is a much larger security problem than accessing ports other than the originating one on the same host. Something that other user agents more than deal with. > Which radically reduces utility, unfortunately :(. There's no utility problem here - whilst it makes fun things like IRC clients harder, that's right - what it allows though is server pushed data in an efficient mechanism, I spend an awful lot of my time, and I know of an awful lot of resources that go to streaming data down to a client - the stock ticker being the most obvious use case - currently this is generally implemented with a kept open HTTP connection that gets script written to it occasionally, obviously this is extremely inefficient, knocking out 50% of connections simply to provide a stock price every 5 minutes, is simply inefficient, and something none-of-us put up with, we only want to talk back to the originating server, it's not a problem. Jim.
Received on Thursday, 4 November 2004 21:39:22 UTC