On Tue, May 22, 2012 at 2:56 PM, Mark Hahn <[email protected]> wrote: > > Allowing unrestricted tcp access to your LAN from a internet page is > extremely dangerous. > > I don't think anyone was suggesting that. You'd obviously have > restrictions on access just as you would on anything connected to the net. > > How would that work? Same-domain restrictions wouldn't work since the port is considered part of the domain. The port that serving js obviously doesn't speak another protocol. Websockets get away with it because they start out as http. Cross-domain permissions usually require something at the application protocol level. I don't see how that could be integrated with allowing arbitrary tcp traffic from the dom. My understanding of the chrome feature is it's unrestricted access for apps that have the special permissions. The browser's process is inside the firewall and could access local tcp servers and impersonate anything it had the right bits for.
> > On Tue, May 22, 2012 at 11:59 AM, Jorge <[email protected]> wrote: > >> On May 22, 2012, at 7:37 PM, Tim Caswell wrote: >> >> > Don't expect any sane person to enable tcp sockets to the general >> internet. Allowing unrestricted tcp access to your LAN from a internet >> page is extremely dangerous. It essentially bypasses your firewall and >> most security constraints. (...) >> >> Nah... :-P >> -- >> Jorge. >> >> -- >> Job Board: http://jobs.nodejs.org/ >> Posting guidelines: >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> You received this message because you are subscribed to the Google >> Groups "nodejs" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nodejs?hl=en?hl=en >> > > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
