In general, running an app inside a page is no different that running any other downloaded app on the desktop. What protection does a downloaded app have that the browser couldn't have?
On Tue, May 22, 2012 at 1:35 PM, Tim Caswell <[email protected]> wrote: > > > On Tue, May 22, 2012 at 2:56 PM, Mark Hahn <[email protected]> wrote: > >> > Allowing unrestricted tcp access to your LAN from a internet page is >> extremely dangerous. >> >> I don't think anyone was suggesting that. You'd obviously have >> restrictions on access just as you would on anything connected to the net. >> >> > How would that work? Same-domain restrictions wouldn't work since the > port is considered part of the domain. The port that serving js obviously > doesn't speak another protocol. Websockets get away with it because they > start out as http. Cross-domain permissions usually require something at > the application protocol level. I don't see how that could be integrated > with allowing arbitrary tcp traffic from the dom. My understanding of the > chrome feature is it's unrestricted access for apps that have the special > permissions. The browser's process is inside the firewall and could access > local tcp servers and impersonate anything it had the right bits for. > > >> >> On Tue, May 22, 2012 at 11:59 AM, Jorge <[email protected]> wrote: >> >>> On May 22, 2012, at 7:37 PM, Tim Caswell wrote: >>> >>> > Don't expect any sane person to enable tcp sockets to the general >>> internet. Allowing unrestricted tcp access to your LAN from a internet >>> page is extremely dangerous. It essentially bypasses your firewall and >>> most security constraints. (...) >>> >>> Nah... :-P >>> -- >>> Jorge. >>> >>> -- >>> Job Board: http://jobs.nodejs.org/ >>> Posting guidelines: >>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >>> You received this message because you are subscribed to the Google >>> Groups "nodejs" group. >>> To post to this group, send email to [email protected] >>> To unsubscribe from this group, send email to >>> [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/nodejs?hl=en?hl=en >>> >> >> -- >> Job Board: http://jobs.nodejs.org/ >> Posting guidelines: >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> You received this message because you are subscribed to the Google >> Groups "nodejs" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nodejs?hl=en?hl=en >> > > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
