Yep, and i wrote about differences to such approach in the post. Don't get me wrong, this is definitely a hack, I'm not saying people should stop doing it the old way.
Likewise. While I appreciate the concept of a bridge (I'm a strong believer that the fastest app is the app that does practically nothing at all, and I can see the benefit of using a TCP-bridge like thing to make something faster), I just think we should not be reinventing the wheel.
That is to say, if you need a TCP connection to any server, you probably should not be implementing it over HTTP (well, this is where definitions get difficult, since you know, HTTP is technically TCP. Fuck)
it's not about pure tcp, as i get it - it allows you communicate from browser directly (via webtcp server as a bridge) with any servers such as redis, mongodb, rabbitmq and so on.
WebBrowser --- data ---> WebTCP bridge (translate data to servers) --- data ---> redis/rabbitmq/any_tcp(and i think udp also possible?)_server_even_smtp
On the contrary, this sort of things allows us to write clients in a uniform way. It will be nice to be able to debug the redis client in a jsfiddle. :)
I think this is a great idea. From the moment I heard of WebSockets I was disappointed it was only a thing between the sockets-capable-web-server and the client and not a real TCP connection to wherever you want. This solves stuff :) However, I think that you should keep an eye on the possible security implications (ex. fooling the same origin policy, using your websockets proxy as a hub to attack other systems on the internet, ...)
Isn't the major benefit of WebSockets that is actually has a fair chance to pass through all the crazy proxies and gateways installed in every office, home and coffe shop, that would otherwise filter any non-HTTP traffic?
This is an awesome hack. We really need real TCP connections from the browser. Until then this looks like a great workaround. I eagerly await the day we can use the browser for everything we do (did?) with Desktop apps.
This is definitely a cool hack, but please be mindful of the security considerations of deploying something like this on the internet. Running an open proxy that allows any client to perform arbitrary TCP connections bouncing through your servers is a bad idea.
First, you need to worry about the security implications of each internal server that you expose intentionally. Just how much damage can someone with direct access to your Redis instance cause? Better read http://redis.io/topics/security, and repeat this for every other service you want to expose.
Second, you are going to effectively need a whitelist of allowed connections, either in the proxy, or at the firewall level (which most people are going to forget to configure, if they even know how). Without that you are going to allow arbitrary bypass of your firewall for internal services, as well as effectively running an open proxy for anyone looking to bounce their malicious traffic through your server.
Nice hack (although I would put this in the category of 'workaround'). The idea is cool, but I can already imagine all sorts of debugging nightmares with this approach. To begin with, how do we find out where the connection is broken (Is it the client socket or the proxy socket)? Bad connections have different reasons (in C terms: ECONNRESET, EWOULDBLOCK, ENETUNREACH, etc); are these specific reasons propagated verbatim? What about flow control between proxy and client?
There is always a chasm between whipping up a cool hack and making something usable. This hack needs a long bridge in between.
This is just what I need to complete the in-browser app I'm building to navigate and read these new hypertext pages I'm creating. I've developed a markup language that will let you reference any of these documents from any other. The app that lets you view them is going to work in any browser that supports WebTCP, too, for the ultimate in cross-platform compatibility!
31 comments
[ 2.8 ms ] story [ 82.5 ms ] threadIf you want a client-side app that uses TCP, why must you do it over the web? The appeal of write-once-run-everywhere?
We really need to stop reinventing the wheel
That is to say, if you need a TCP connection to any server, you probably should not be implementing it over HTTP (well, this is where definitions get difficult, since you know, HTTP is technically TCP. Fuck)
Pub/sub is well catered for by socket.io (websockets).
This glue belongs on the server.
If I did need arbitrary TCP connections my first thought would be a websocket proxy...
WebBrowser --- data ---> WebTCP bridge (translate data to servers) --- data ---> redis/rabbitmq/any_tcp(and i think udp also possible?)_server_even_smtp
It's not entirely bogus, just mostly so. I really dislike this whole "the internet == the web" way of thinking, though.
Down that path lies madness.
So it's really more like a NAT bridge.
First, you need to worry about the security implications of each internal server that you expose intentionally. Just how much damage can someone with direct access to your Redis instance cause? Better read http://redis.io/topics/security, and repeat this for every other service you want to expose.
Second, you are going to effectively need a whitelist of allowed connections, either in the proxy, or at the firewall level (which most people are going to forget to configure, if they even know how). Without that you are going to allow arbitrary bypass of your firewall for internal services, as well as effectively running an open proxy for anyone looking to bounce their malicious traffic through your server.
There is always a chasm between whipping up a cool hack and making something usable. This hack needs a long bridge in between.
http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
http://news.ycombinator.com/item?id=4366555 http://browserver.org/