Use it for dDOS? That'a s little far-fetched...moonwhile, its CSRF abuse that becomes the real problem here.
On Nov 14, 10:41 am, ff <[email protected]> wrote: > On Nov 8, 8:32 pm, Frank Weiss <[email protected]> wrote: > > > Not sure if you're just complainig about the error handling. I suppose you > > know that JSONP does cross-domain and is supported by jQuery.ajax. > > Yep, the error handling is wrong and dangerous since the browser > actually sends the request while it shouldn't (it becomes possible to > use it for distributed dos attacks). > > And while jsonp is just an hack, CORS is the standard solutions > implemented by all modern browsers... > > Bye, > ff -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
