[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnash-dev] Re: Building in security
From: |
Udo Giacomozzi |
Subject: |
Re: [Gnash-dev] Re: Building in security |
Date: |
Wed, 2 May 2007 16:00:47 +0200 |
Hello Eric,
Wednesday, May 2, 2007, 2:56:30 PM, you wrote:
EH> Now, look!, nothing up my sleeve. Arbitrary data exchange is a foundation
EH> for DDOS (distributed denial of service), for example, which provides a
EH> generic class of malicious use of clients.
Okay, but I could do a DDOS easily with just plain standard HTML and
some hundreds of <IMG> Tags as well, I don't need Flash for that. I
mean, this is something that should be done at browser level.
EH> What are the other details? I
EH> can't say right now. What I can say is that allowing arbitrary operations
EH> by a client is the moral equivalent of providing a programmable network
EH> server. Would you grant login/password to every web site you visit?
Certainly not. But to fix a problem, I need to understand it first.
IMHO, we need to implement the same cross-domain policy in Gnash too,
to be compatible. We can add additional security features if we want,
but I currently have no idea which problems they could solve. Who/what
is the enemy?
Udo
- Re[2]: [Gnash-dev] Building in security, Udo Giacomozzi, 2007/05/02
- Message not available
- Re[2]: [Gnash-dev] Building in security, Martin Guy, 2007/05/02
- Re: [Gnash-dev] Building in security, strk, 2007/05/02
- Re: [Gnash-dev] Building in security, Martin Guy, 2007/05/02
- Re: [Gnash-dev] Building in security, strk, 2007/05/02
- Re: [Gnash-dev] Building in security, Martin Guy, 2007/05/02
- Re: [Gnash-dev] Building in security, strk, 2007/05/02
- Re[2]: [Gnash-dev] Building in security, Udo Giacomozzi, 2007/05/02
[Gnash-dev] Re: Building in security, Eric Hughes, 2007/05/02
- Re: [Gnash-dev] Re: Building in security,
Udo Giacomozzi <=
Re: [Gnash-dev] Re: Building in security, Martin Guy, 2007/05/02
[Gnash-dev] Whitelists and Blacklists, Eric Hughes, 2007/05/02