Re: FLASH: Flash Functionality Verification

[Matt Wobensmith]

Hi John,


You wrote:


>I  would appreciate verification, or better yet refudiation, that Flash

>does not allow the loading of variables from Domains other than

>the one servicng the movie. 



Indeed, this change was made to prevent potential abuse.


If a Flash movie is allowed to access data from any domain, a malicious

author could make a movie that targets an internal server behind a firewall,

and potentially send that data back to any remote location they wish. That

would be bad.


With the suggested server script, this means the script runs on YOUR domain.

Much safer.


Our TechNote on this is here:


Load Variables from a data source on another domain is not working

#14123

http://www.macromedia.com/support/flash/ts/documents/loadvars_security.htm


I understand people's points about the convenience of executing server

scripts from anywhere, but this also leaves the door open to abuse. There

are lots of companies and institutions that use Flash because it is safe.

Allowing this potential abuse would certainly sour a lot of people on the

Flash Player and its security. As it is now, it's very safe. 


Matt


---------------

Matt Wobensmith

Macromedia


flasher is generously supported by...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     flashforward2000 and the Flash(tm) Film Festival

 July 24-26, 2000, NEW YORK CITY, Hammerstein Ballroom

                  www.flashforward2000.com

   Produced by United Digital Artists and lynda.com

 Sponsored by Macromedia, Adobe Systems, Fusion, Inc, AtomFilms,

           shockwave.com and Electric Rain.

 1.877.4.FLASH.4  or (1.805.640.6679 outside the US and Canada)

 Register before June 30 and save $200!!-- www.flashforward2000.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To unsubscribe or change your list settings go to

http://www.chinwag.com/flasher or email

helpchinwag [dot] com