<div dir="ltr">On Mon, Mar 18, 2013 at 6:38 PM, Alex Carver <span dir="ltr">&lt;<a href="mailto:agcarver+ale@acarver.net" target="_blank">agcarver+ale@acarver.net</a>&gt;</span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 3/18/2013 17:11, James Sumners wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Mon, Mar 18, 2013 at 7:59 PM, Scott Plante &lt;<a href="mailto:splante@insightsys.com" target="_blank">splante@insightsys.com</a>&gt; wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
He was a SpringSource guy and so he also talked a lot about the Spring 4.0<br>
WebSocket support ...<br>
</blockquote>
<br>
Which means you'll get no useful documentation on the web, maybe some<br>
crappy YouTube video that talks about how great the technology is, and<br>
a link to buy a book.<br>
<br>
</blockquote>
<br></div>
So when does the betting start on the timing of the first exploit of websockets that vacuums data off a user's hard drive and sends it to some remote location unknown whether by a black hat or by a sneaky company (Google, Facebook, etc.)?<div class="HOEnZb">
<div class="h5"><br></div></div></blockquote><div><br></div><div style>I don't see how WebSockets makes it substantially easier to do this than existing infrastructure. WebSockets doesn't give access to the local hard drive any more than you have with regular JS. (LocalStorage does, but in a contained way, and that's a different beast altogether...)</div>
<div> </div></div>Where WebSockets does give me pause is in the context of XSS, but same origin policy largely addresses that (yes, if same origin policy is broken then you have a problem, but again, not a problem unique to WebSockets.)<br clear="all">
<div><br></div>-- <br>David Tomaschik<br>OpenPGP: 0x5DEA789B<br><a href="http://systemoverlord.com" target="_blank">http://systemoverlord.com</a><br><a href="mailto:david@systemoverlord.com" target="_blank">david@systemoverlord.com</a>
</div></div>