net.connect() in the browser?

[aliasone]

I was wondering if it's possible to use this TCP abstraction in the
browser? I'm looking into browserify right now but maybe something
already exists like this browser-side, or perhaps it's not possible?
Thanks for any help!

[Dave Clements]

I think the closest thing to pure TCP in the browser is websockets,  http://www.w3.org/TR/websockets/ 

The most all around Node library that supports websockets in the browser with good fallbacks is socket.io: http://socket.io/ 

[Mark Hahn]

Chrome supports real net sockets now with a flag

--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nod...@googlegroups.com
To unsubscribe from this group, send email to
nodejs+un...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

[hupere...@googlemail.com]

Outstanding

Sent from my BlackBerry® smartphone on O2

---

From: Mark Hahn <ma...@hahnca.com>

Sender: nod...@googlegroups.com

Date: Tue, 22 May 2012 09:48:08 -0700

To: <nod...@googlegroups.com>

ReplyTo: nod...@googlegroups.com

Subject: Re: [nodejs] Re: net.connect() in the browser?

[Arnout Kazemier]

But thats for extensions only if i recall correctly

[Tim Caswell]

Don't expect any sane person to enable tcp sockets to the general internet.  Allowing unrestricted tcp access to your LAN from a internet page is extremely dangerous.  It essentially bypasses your firewall and most security constraints.  On the other hand, for privileged apps, this gives web apps a lot of power.  Combined with binary data types, everything from database drivers to X11 Desktop apps could be written in pure JS.

[Jorge]

On May 22, 2012, at 7:37 PM, Tim Caswell wrote:

> Don't expect any sane person to enable tcp sockets to the general internet. Allowing unrestricted tcp access to your LAN from a internet page is extremely dangerous. It essentially bypasses your firewall and most security constraints. (...)

Nah... :-P
--
Jorge.

[Mark Hahn]

>  Allowing unrestricted tcp access to your LAN from a internet page is extremely dangerous.  

I don't think anyone was suggesting that.  You'd obviously have restrictions on access just as you would on anything connected to the net.

[Tim Caswell]

On Tue, May 22, 2012 at 2:56 PM, Mark Hahn <ma...@hahnca.com> wrote:

>  Allowing unrestricted tcp access to your LAN from a internet page is extremely dangerous.  

I don't think anyone was suggesting that.  You'd obviously have restrictions on access just as you would on anything connected to the net.

How would that work?  Same-domain restrictions wouldn't work since the port is considered part of the domain.  The port that serving js obviously doesn't speak another protocol.  Websockets get away with it because they start out as http.  Cross-domain permissions usually require something at the application protocol level.  I don't see how that could be integrated with allowing arbitrary tcp traffic from the dom. My understanding of the chrome feature is it's unrestricted access for apps that have the special permissions.  The browser's process is inside the firewall and could access local tcp servers and impersonate anything it had the right bits for.

[Mark Hahn]

In general, running an app inside a page is no different that running any other downloaded app on the desktop.  What protection does a downloaded app have that the browser couldn't have?

[Oliver Leics]

On Tue, May 22, 2012 at 11:29 PM, Mark Hahn <ma...@hahnca.com> wrote:
> In general, running an app inside a page is no different that running any
> other downloaded app on the desktop.

(I assume with "Page" you mean a Webpage inside the browser)

It is very different in that you have to trust the downloaded app (aka
software, program, etc) you run on your computer and that a browser
generally never trusts the webpage it displays.

Extensions/Apps for browsers are software you have to trust if you
install them, even if you install them within the browser. The browser
trusts them, as you did downloaded and installed them. You are the one
that granted access to all of your local stuff.

> What protection does a downloaded app
> have that the browser couldn't have?

The browser simply does not protect you if you use browser
apps/extensions. One can read out all of your files with an browser
extension/app you installed.

Well, of curse, here and there the browser tries to protect you, but
mostly in a way to ask for permission. And mostly they click "OK"...

(BTW: All that App/Extension/Plugin marketing stuff makes it very fuzzy)

[Mark Hahn]

>  The browser simply does not protect you if you use browser apps/extensions. 

You are talking in the present tense but I thought we were talking about a future feature for browsers.  Theoretically the browser would offer the same security features a downloaded app does.  It would simply warn you of what you are doing and then ask you if you want to allow the "app" to run.  You are making assumptions about what browser vendors would be willing to provide.

I personally think this type of net interface must be offered if browsers are intending to replace apps and I know the vendors want to do that.  Or at least I'm sure google does.

[Oliver Leics]

About TCP/IP (net.connect) for the browser: It is possible and it will
be done, but i assume if in a fake form.

About warnings:

They (the very end user) will be warned.
They will not understand that warning.
They will not understand all of those warnings.
They will not read warnings anymore.
They will decide to click on the left button as fast as they can on
any future dialog that has some text and one to three buttons.
They will decide to think that vendors only show those dialogs to tell
them that they are in a save harbor.

Then, there is just one dialog between us and all of their private stuff.

Hooray AppMarkets ;-)

"...and suddenly browsers turned into operating systems."

> --
> Job Board: http://jobs.nodejs.org/
> Posting guidelines:
> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
> You received this message because you are subscribed to the Google
> Groups "nodejs" group.
> To post to this group, send email to nod...@googlegroups.com
> To unsubscribe from this group, send email to
> nodejs+un...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/nodejs?hl=en?hl=en



--

Oliver Leics @ G+
https://plus.google.com/112912441146721682527

[Mark Hahn]

>  They will not read warnings anymore. 

Did they ever?  :-)