Yes, it's true, focusing too much on my needs, then forget it.

On 13/07/2012 11:39, Jason Orendorff wrote:
> On Fri, Jul 13, 2012 at 3:39 AM, Aymeric Vitte <[email protected]> wrote:
>> But coming back to my point, I am not talking about a download like an xhr
>> where you can set cookies, do post requests, etc, just a download that fetches
>> the source, so I don't see it more dangerous than script or img fetching (or
>> System.load) for example.
>
> It's the difference between exposing every image on your intranet to
> any random web page that asks for it, and exposing all data on your
> intranet to any random web page that asks for it. Any web page could
> start by fetching "http://intranet/" and follow the links from there.
> This kind of comprehensive spidering of an organization's internal
> data is obviously not possible with <img>.
>
> This is basic browser security stuff. I strongly suggest reading up
> before posting anything more on this topic.
>
> -j
--
jCore
Email : [email protected]
Web : www.jcore.fr
Webble : www.webble.it
Extract Widget Mobile : www.extractwidget.com
BlimpMe! : www.blimpme.com
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
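
The distinction drawn in the quoted reply, as an added example that is not part of the thread: a simplified model of the browser rule that lets a page embed a cross-origin resource but read a response body only same-origin or with a CORS opt-in. All function names are hypothetical, and the origins, URLs, headers and HTML are constructed.

```javascript
// Simplified model of the same-origin rule for reading response bodies.
// Assumption: only the Access-Control-Allow-* response headers are modelled.
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// What a page's script can observe after triggering a fetch of `resourceUrl`.
// kind "img": the request is sent, but only load state and dimensions come back.
// kind "source": the body comes back only if canReadBody() allows it.
function observableBy(kind, pageUrl, resourceUrl, headers = {}) {
  if (kind === 'img') return ['load-or-error', 'dimensions'];
  return canReadBody(pageUrl, resourceUrl, headers) ? ['body'] : [];
}

// Same origin: readable. Cross origin: readable only if the server opts in.
function canReadBody(pageUrl, resourceUrl, headers = {}, withCredentials = false) {
  const page = originOf(pageUrl);
  if (page === originOf(resourceUrl)) return true;
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const allow = h['access-control-allow-origin'];
  if (allow === undefined) return false;            // no opt-in, no read
  if (withCredentials) {                            // "*" is not accepted with credentials
    return allow === page && h['access-control-allow-credentials'] === 'true';
  }
  return allow === '*' || allow === page;
}

// Following links requires the body, so an unreadable page yields nothing to follow.
function linksVisibleTo(pageUrl, resourceUrl, body, headers = {}) {
  if (!canReadBody(pageUrl, resourceUrl, headers)) return [];
  return [...body.matchAll(/href="([^"]+)"/g)]
    .map((m) => new URL(m[1], resourceUrl).href);
}

// Constructed sample data.
const OUTSIDE_PAGE = 'http://random-page.example/index.html';
const INTRANET_HOME = 'http://intranet/';
const INTRANET_HTML = '<a href="/wiki/">wiki</a> <a href="docs/plan.html">plan</a>';

console.log(observableBy('img', OUTSIDE_PAGE, 'http://intranet/logo.png'));
console.log(linksVisibleTo(OUTSIDE_PAGE, INTRANET_HOME, INTRANET_HTML));
console.log(linksVisibleTo('http://intranet/home', INTRANET_HOME, INTRANET_HTML));
```

A source download without the `canReadBody` check would make the second call return the same links as the third, which is the exposure the reply describes.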