[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnash-dev] Re: Building in security

From: Udo Giacomozzi
Subject: Re: [Gnash-dev] Re: Building in security
Date: Wed, 2 May 2007 16:00:47 +0200

Hello Eric,

Wednesday, May 2, 2007, 2:56:30 PM, you wrote:
EH> Now, look!, nothing up my sleeve.  Arbitrary data exchange is a foundation
EH> for DDOS (distributed denial of service), for example, which provides a
EH> generic class of malicious use of clients.

Okay, but I could do a DDOS easily with just plain standard HTML and
some hundreds of <IMG> Tags as well, I don't need Flash for that. I
mean, this is something that should be done at browser level.

EH> What are the other details?  I
EH> can't say right now.  What I can say is that allowing arbitrary operations
EH> by a client is the moral equivalent of providing a programmable network
EH> server.  Would you grant login/password to every web site you visit?

Certainly not. But to fix a problem, I need to understand it first.
IMHO, we need to implement the same cross-domain policy in Gnash too,
to be compatible. We can add additional security features if we want,
but I currently have no idea which problems they could solve. Who/what
is the enemy?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]