What *real* security risk is there when a Flash movie loads data from wherever it likes?
Assuming you've read http://gnash.lulu.com/wiki/index.php/Security try googling: flash cross domain exploit
You can't certainly block the movie's domain as this will break lots of movies
Sure.
Is there really a URL/domain that I should generally add to my blacklist?
Making everyone collect bad domains one by one and edit them into a config file is hopeless as a production solution. We can just follow adobe's algorithm for a first hack - at least that will solve the problems that the community has alerted them to. Ultimately it would be good for someone to study the issues involved more deeply and devise a less clunky solution, at least at the level of user interface/interaction. M _______________________________________________ Gnash-dev mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnash-dev
