Flasher Archive

[Previous] [Next] - [Index] [Thread Index] - [Previous in Thread] [Next in Thread]

Subject: Re: FLASH: Flash Functionality Verification
From: John Dowdell
Date: Fri, 30 Jun 2000 21:52:25 +0100

At 8:29 AM 6/30/0, John Andrew Morrison wrote:
> What are the risks [of secret access to different domain] ?

There's a scenario under the old Shockwave technote:
"How to avoid getNetText security dialog"

Summary: When an applet plays behind a firewall, a lucky guess of the path
to a protected file can render it vulnerable to snooping. This is why Java,
Shockwave and Flash load data from the same domain, rather than any domain.

(Just in case anyone's tempted to reply "no, that's not serious", let me
assure you that yes, it is indeed very serious. ;-)


John Dowdell, Macromedia Tech Support, San Francisco CA US
Search technotes: http://www.macromedia.com/support/search/
Offlist email risks capture by the spam filters. I may not see your
email if it's not on the list. Private one-on-one email options are
available via Priority Access: http://www.macromedia.com/support/

flasher is generously supported by...
flashforward2000 and the Flash(tm) Film Festival
July 24-26, 2000, NEW YORK CITY, Hammerstein Ballroom
Produced by United Digital Artists and lynda.com
Sponsored by Macromedia, Adobe Systems, Fusion, Inc, AtomFilms,
shockwave.com and Electric Rain.
1.877.4.FLASH.4 or (1.805.640.6679 outside the US and Canada)
Register before June 30 and save $200!!-- www.flashforward2000.com
To unsubscribe or change your list settings go to
http://www.chinwag.com/flasher or email helpatchinwag [dot] com

  Re: FLASH: Flash Functionality Verificat, John Andrew Morrison

[Previous] [Next] - [Index] [Thread Index] - [Next in Thread] [Previous in Thread]