[Papervision3D] cross swf btye array sandbox error???
Makc
makc.the.great at gmail.com
Mon Oct 13 07:29:30 PDT 2008
On Mon, Oct 13, 2008 at 3:29 PM, Jon Bradley <jbradley at postcentral.com> wrote:
>
> On Oct 13, 2008, at 7:05 AM, Makc wrote:
>
>> on the contrary, this is perfectly possible with this security
>> exception, as you see it has address of content from other domain that
>> user currently accesses:
>
> I meant anything aside from the security error. I don't know of any
> way to actually capture that error as a string and do anything with
> it. So, as far as I know, although you can see the error you can't do
> anything with it.
presumably you can catch it... right? I assume you can, I didnt tested it.
>
>> it is funny how security exception itself provides peronal info which
>> is direct breach of security.
>
> It's not personal info. It's just the path - which is quite legible
> through any browser utility (firebug for example). The path to what
> is being loaded isn't really a security issue.
>
so, what you are saying, it is perfectly ok for flash file in
mydomain.com to try to compute spectrum and, as the result, receive an
error saying what movie from otherdomain.com is being played in user's
other tab? this pretty much equals to allowing mydomain.com to spy on
what user does. as you said, there should be no way for me to do this.
More information about the Papervision3D
mailing list