Re[2]: [Gnash-dev] Building in security

[Udo Giacomozzi]

Hello Rob,

Thursday, April 26, 2007, 8:08:51 PM, you wrote:
RS>   Currently the only security in Gnash is a simple whitelist/blacklist
RS> of URLs to not load content from. This is more like Adblock, than real
RS> security though, but at least it does prevent Flash movies from loading
RS> content over the network that you don't want.

Allow me this question: What *real* security risk is there when a
Flash movie loads data from wherever it likes?

The MM player does not allow loadVariables() from foreign domains, but
allows loadMovie() from anywhere. Anyway, I don't see any problem with
loading data from wherever you want.

If collecting personal data (ie. sending whatever data to a server) is
a concern, then you have to block any network connection, *especially*
connections to the *same* domain. I mean, if you really want to gather
statistics or whatever information from your visitors, then why would
you use a foreign server for that? And you can't certainly block the
movie's domain as this will break lots of movies / web pages.

I, personally, would be happy to have a player that at least tells me
what network connections are made by my player (which, at the other
hand, can be done easily with MM player + other tools, bzw). Blocking
*any* network connection by request is fine, too. But is there really
a URL/domain that I should generally add to my blacklist?

The discussion is similar to XML loading with JavaScript. Foreign
domains are not allowed (again: why?) and this makes it difficult to
create some kinds of AJAX applications (you know, WEB 2.0). One
workaround is to load whole JavaScript files dynamically. That is
allowed for whatever URL you like and, while giving me lots of
possibilities as a programmer, imposes a much higher security risk if
you ask me as this does not just load data.

So, I'm curious about any real security risk scenario involved with
loading/exchanging data from anywhere.

Udo