
This is a bit different to normal applications though.

Normal apps: Developer writes application. Code is installed via user engagement with a package management or installation system.

Comet apps: Developer writes application. Code is pulled and executed by (almost) every visitor to the website it is deployed on.

If the code could open sockets to arbitrary destinations then a high traffic site could be used to spawn a very effective DDOS or distributed hacking attempt.

Of course for Orbited this isn't relevant as the browser security model limits connections to the originating host. So you can't, say, embed javascript into Slashdot.org that does:

End users >>> DDOS attack target.

Instead you get:

End users >>> Slashdot.org proxy >>> DDOS attack target.

(Which is obviously a total waste of time as any attack via this method would be predicated on having control of Slashdot.org in the first place.)


