On Fri, Jul 13, 2012 at 3:39 AM, Aymeric Vitte <[email protected]> wrote:
> But coming back to my point, I am not talking about a download like an XHR
> where you can set cookies, do POST requests, etc., just a download that fetches
> the source, so I don't see it as more dangerous than script or img fetching (or
> System.load) for example.

It's the difference between exposing every image on your intranet to
any random web page that asks for it, and exposing all data on your
intranet to any random web page that asks for it. Any web page could
start by fetching "http://intranet/" and follow the links from there.
This kind of comprehensive spidering of an organization's internal
data is obviously not possible with <img>.

This is basic browser security stuff.  I strongly suggest reading up
before posting anything more on this topic.

-j
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
