2007/5/2, strk <[EMAIL PROTECTED]>:
On Wed, May 02, 2007 at 10:48:12AM +0100, Martin Guy wrote:
> We can just follow Adobe's algorithm for a first hack - at least that
> will solve the problems that the community has alerted them to.

Adobe's algorithm is based on a security-through-proprietary-software model,
that is, it works as long as nobody can change the client code...

Adobe were forced to limit HTTP access to the same domain because that
was one way to avoid the hack attacks that people were complaining
about.

You are talking about security through obscurity, which is not the issue here.
The same-domain/cross-domain policy is explicit and public.

Before anyone starts proposing concrete solutions they need to
understand exactly what kind of exploits were enabled by allowing
loading from different domains. Maybe then they will understand why,
and who knows maybe even propose a better policy.
In our current position of ignorance, proposing solutions is premature.

Does anyone reading the list know more about this?

   M

