funsec mailing list archives

Re: In Defense of HTML5


From: Michal Zalewski <lcamtuf () coredump cx>
Date: Wed, 5 Dec 2012 16:05:53 -0800

WebSockets are a concern to me. An attacker almost always wants to
egress data (otherwise, what's the point?), so WebSockets are an
addition to the attacker's war chest. In addition, WebSockets make it
really convenient to set up reverse proxies (emphasize convenient).

Marginally so... there are a lot of web apps that handle low-latency,
interactive streaming in a variety of situations, and they don't need
WS for that.

WS is slightly more convenient where supported, indeed, but it doesn't
really enable anything that wasn't perfectly possible (and done)
before.

/mz
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

