jack at chesspark.com
Sat Aug 30 11:45:18 CDT 2008
Ugh. Wrong. Please don't make such sweeping generalizations. In a
current trends continue.
> Ok, you could use some in-band connections and even employ some of the
> crypto stuff but... first applies. Lots of work for no real reason.
BOSH exists and supports TLS. It's also widely implemented.
> anyway (you don't have access to local data). But the SAS method
> discussed earlier would work.
You easily have access to local data if you use the Dojo framework,
Google Gears, or a small bit of Flash. This is not a problem in
reality. Users know that for true security they will have to jump
through extra hoops, and installing Gears is really not that large of
a hoop. Also, HTML5 will contain standardized local data storage as I
recall, so what you are talking about is a current browser limitation,
easily circumvented with current tools. This will not be the state of
the Web in five years.
those has easy access to local storage and can even make direct XMPP
connections without BOSH.
More information about the Security