[ale] Web Socket Implementations
David Tomaschik
david at systemoverlord.com
Tue Mar 19 01:37:21 EDT 2013
On Mon, Mar 18, 2013 at 6:38 PM, Alex Carver <agcarver+ale at acarver.net>wrote:
> On 3/18/2013 17:11, James Sumners wrote:
>
>> On Mon, Mar 18, 2013 at 7:59 PM, Scott Plante <splante at insightsys.com>
>> wrote:
>>
>>> He was a SpringSource guy and so he also talked a lot about the Spring
>>> 4.0
>>> WebSocket support ...
>>>
>>
>> Which means you'll get no useful documentation on the web, maybe some
>> crappy YouTube video that talks about how great the technology is, and
>> a link to buy a book.
>>
>>
> So when does the betting start on the timing of the first exploit of
> websockets that vacuums data of a user's hard drive and sends it to some
> remote location unknown whether by a black hat or by a sneaky company
> (Google, Facebook, etc.)?
>
>
I don't see how WebSockets makes it substantially easier to do this than
existing infrastructure. WebSockets doesn't give access to local hard drive
any more than you have with regular JS. (LocalStorage does, but in a
contained way, and that's a different beast altogether...)
Where WebSockets does give me pause is in the context of XSS, but same
origin policy largely addresses that (yes, if same origin policy is broken
then you have a problem, but again, not a problem unique to WebSockets.)
--
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130318/ae3b8b64/attachment.html>
More information about the Ale
mailing list