[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re[2]: [Gnash-dev] Building in security
From: |
Martin Guy |
Subject: |
Re[2]: [Gnash-dev] Building in security |
Date: |
Wed, 2 May 2007 10:48:12 +0100 |
What *real* security risk is there when a
Flash movie loads data from wherever it likes?
Assuming you've read http://gnash.lulu.com/wiki/index.php/Security
try googling: flash cross domain exploit
You can't certainly block the movie's domain as this will break lots of movies
Sure.
Is there really a URL/domain that I should generally add to my blacklist?
Making everyone collect bad domains one by one and edit them into a
config file is hopeless as a production solution.
We can just follow adobe's algorithm for a first hack - at least that
will solve the problems that the community has alerted them to.
Ultimately it would be good for someone to study the issues involved
more deeply and devise a less clunky solution, at least at the level
of user interface/interaction.
M
- Re[2]: [Gnash-dev] Building in security, Udo Giacomozzi, 2007/05/02
- Message not available
- Re[2]: [Gnash-dev] Building in security,
Martin Guy <=
- Re: [Gnash-dev] Building in security, strk, 2007/05/02
- Re: [Gnash-dev] Building in security, Martin Guy, 2007/05/02
- Re: [Gnash-dev] Building in security, strk, 2007/05/02
- Re: [Gnash-dev] Building in security, Martin Guy, 2007/05/02
- Re: [Gnash-dev] Building in security, strk, 2007/05/02
- Re[2]: [Gnash-dev] Building in security, Udo Giacomozzi, 2007/05/02
[Gnash-dev] Re: Building in security, Eric Hughes, 2007/05/02