[osflash] [Slightly OT] Gnash & the security model
liguorien at hotmail.com
Thu Feb 2 13:31:46 EST 2006
But the client needs to install Charles and setup the rule to hack his own
server, so it doesn't change anything, right ?
----- Original Message -----
From: "Evert | Collab" <evert at collab.nl>
To: "Open Source Flash Mailing List" <osflash at osflash.org>
Sent: Thursday, February 02, 2006 12:59 PM
Subject: Re: [osflash] [Slightly OT] Gnash & the security model
> Charles is an easy program to test this. You can make custom responses
> to certain http requests. For testing you can easily setup a rule that
> will always return a <allow-access-from domain="*" /> at any http request.
> I'm sure you would agree that security should always be on the server,
> and not on the client.
> Mike Chambers wrote:
>> Could you please explain this with an example? Crossdomain does not
>> exist to prevent DoS attacks.
>> mike chambers
>> mesh at adobe.com
>> On Feb 2, 2006, at 8:17 AM, Evert | Collab wrote:
>>> It's merely prevents 'the regular
>>> user' from consuming other people's services, but I doesn't stop a
>>> malicious user.
>> osflash mailing list
>> osflash at osflash.org
> osflash mailing list
> osflash at osflash.org
More information about the osflash