[whatwg] TCPConnection feedback
cartermichael at gmail.com
Wed Jun 18 14:09:02 PDT 2008
> Still I do not believe it should have a specific protocol. If a
> protocol is decided on, and it is allowed to connect to any IP-address
> - then DDOS attacks can still be performed: If one million web
> browsers connect to any port on a single server, it does not matter
> which protocol the client tries to communicate with. The server will
> still have problems.
Aren't there and identical set of objections to the cross-domain
access-control header? Or microsofts XDR object? Even without Websocket,
browsers will be making fully cross-domain requests, and the only question
left is how exactly to implement the security in the protocol. That said,
there's no additional harm in allowing WebSocket to establish cross-domain
connections, but there are many benefits.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the whatwg