List: cap-talk
Subject: Re: [cap-talk] Fwd: [cors] TAG request concerning CORS &Next Step(s)
From: David-Sarah Hopwood <david-sarah () jacaranda ! org>
Date: 2009-07-09 20:53:22
Message-ID: 4A5658C2.3080106 () jacaranda ! org
stay wrote:
> On Wed, Jul 8, 2009 at 12:37 PM, David-Sarah
> Hopwood<david-sarah@jacaranda.org> wrote:
>> stay wrote:
>>> On Mon, Jul 6, 2009 at 2:53 PM, Karp, Alan H<alan.karp@hp.com> wrote:
>>>> To your first point above, can the software making the request be a script
>>>> on a page or a browser plug-in? If so, what prevents Bob's Finance from
>>>> delivering to the user's browser software that will make requests as Acme Finance?
>>>
>>> The fact that almost no one installs plugins.
>>
>> That's not true. They install Flash, and Flash ActionScript code can make
>> such requests.
>
> Flash communication is bound by the same-domain rules unless the
> target server explicitly makes an exception via crossdomain.xml or (if
> the target of the request is a flash file) the allowDomain() function.

OK, I stand corrected (although I note that Flash has had many exploitable
security vulnerabilities).
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
_______________________________________________
cap-talk mailing list
cap-talk@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/cap-talk
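
The crossdomain.xml exception discussed in this message, as an added example that is not part of the original thread: a Python check that flags overly broad allow-access-from grants in a policy file. The two sample policies and their domain names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from any real site).
PERMISSIVE = """<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
  <allow-access-from domain="*.partner.example"/>
</cross-domain-policy>"""

SCOPED = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="reports.acme.example"/>
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return a list of (domain, finding) pairs for risky grants."""
    findings = []
    root = ET.fromstring(xml_text)
    for grant in root.iter("allow-access-from"):
        domain = grant.get("domain", "").strip()
        if domain == "*":
            # The same-domain restriction is waived for every origin.
            findings.append((domain, "any origin may read responses"))
        elif domain.startswith("*."):
            # One compromised or user-controlled subdomain is enough.
            findings.append((domain, "every subdomain is trusted"))
        # secure defaults to true; false lets HTTP-served callers read HTTPS content.
        if grant.get("secure", "true").lower() == "false":
            findings.append((domain, "HTTPS content exposed to HTTP-served callers"))
    return findings


if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE), ("scoped", SCOPED)):
        print(name, audit_policy(policy) or "no risky grants")
```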