[osflash] [Slightly OT] Gnash & the security model
Nicolas Désy
liguorien at hotmail.com
Thu Feb 2 13:31:46 EST 2006
But the client needs to install Charles and setup the rule to hack his own
server, so it doesn't change anything, right ?
Nicolas
----- Original Message -----
From: "Evert | Collab" <evert at collab.nl>
To: "Open Source Flash Mailing List" <osflash at osflash.org>
Sent: Thursday, February 02, 2006 12:59 PM
Subject: Re: [osflash] [Slightly OT] Gnash & the security model
> Charles is an easy program to test this. You can make custom responses
> to certain http requests. For testing you can easily setup a rule that
> will always return a <allow-access-from domain="*" /> at any http request.
>
> I'm sure you would agree that security should always be on the server,
> and not on the client.
>
> Evert
>
> Mike Chambers wrote:
>> Could you please explain this with an example? Crossdomain does not
>> exist to prevent DoS attacks.
>>
>> mike chambers
>>
>> mesh at adobe.com
>>
>> On Feb 2, 2006, at 8:17 AM, Evert | Collab wrote:
>>
>>
>>> It's merely prevents 'the regular
>>> user' from consuming other people's services, but I doesn't stop a
>>> malicious user.
>>>
>>
>>
>> _______________________________________________
>> osflash mailing list
>> osflash at osflash.org
>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>>
>>
>
>
> _______________________________________________
> osflash mailing list
> osflash at osflash.org
> http://osflash.org/mailman/listinfo/osflash_osflash.org
>
More information about the osflash
mailing list