[LINK] WebSockets

Greg Taylor gtefa at internode.on.net
Wed Mar 30 13:37:27 AEDT 2011


This is worth viewing:
http://www.xtranormal.com/watch/7991991/

On 2011/03/29 8:05 PM, rene wrote:
> [...]
> Apparently late last year, due to security issues in WebSockets protocol,
> various browsers including Firefox and Opera disabled default support,
> which resulted in web pages about how to re-enable support. Doing the
> opposite, ie. in terms of ticking/unticking a box or changing a true/false
> field, will disable Websockets:
>
> http://techdows.com/2010/12/enable-websockets-in-opera-11.html
> http://techdows.com/2010/12/turn-on-websockets-in-firefox-4.html
>
> I've no idea whether the security issues have been resolved, nor what the
> default state of enablement is in various browsers. Nor do I know whether
> Websockets can be disabled in IE or anything else.
>
> I knew about Opera because when I install a new version I typically look
> through the "config" local page for new stuff that I might not want. Since
> Firefox and Opera quite often have similar enable/disable options in the
> "config" page, I guessed Firefox may, and looked for that. Haven't bothered
> to search for whether any browser enables disablement.
>

I've tried to find out more about the current status of the security 
issues, but I've been unsuccessful.

What we seem to have here is an immature HTML5 feature, and an unsettled 
protocol specification, being released in production versions of various 
browsers so that developers can play with it, amid confusion about 
whether the feature is enabled or disabled by default in some browser 
versions.

Quite apart from concerns about pushed content, it would seem prudent to 
disable WebSockets until there is clarification about the status of the 
security issues.

Greg




More information about the Link mailing list