[whatwg] TCPConnection feedback

Michael Carter cartermichael at gmail.com
Wed Jun 18 14:09:02 PDT 2008


> Still I do not believe it should have a specific protocol. If a
> protocol is decided on, and it is allowed to connect to any IP-address
> - then DDOS attacks can still be performed: If one million web
> browsers connect to any port on a single server, it does not matter
> which protocol the client tries to communicate with. The server will
> still have problems.
>

Aren't there and identical set of objections to the cross-domain
access-control header? Or microsofts XDR object? Even without Websocket,
browsers will be making fully cross-domain requests, and the only question
left is how exactly to implement the security in the protocol. That said,
there's no additional harm in allowing WebSocket to establish  cross-domain
connections, but there are many benefits.

-Michael Carter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080618/4e1bc6ec/attachment-0001.htm>


More information about the whatwg mailing list