Hello Eric,

Wednesday, May 2, 2007, 2:56:30 PM, you wrote:
EH> Now, look!, nothing up my sleeve.  Arbitrary data exchange is a foundation
EH> for DDOS (distributed denial of service), for example, which provides a
EH> generic class of malicious use of clients.


Okay, but I could do a DDOS easily with just plain standard HTML and
some hundreds of <IMG> tags as well; I don't need Flash for that. I
mean, this is something that should be done at the browser level.

EH> What are the other details?  I
EH> can't say right now.  What I can say is that allowing arbitrary operations
EH> by a client is the moral equivalent of providing a programmable network
EH> server.  Would you grant login/password to every web site you visit?

Certainly not. But to fix a problem, I need to understand it first.
IMHO, we need to implement the same cross-domain policy in Gnash too,
to be compatible. We can add additional security features if we want,
but I currently have no idea which problems they could solve. Who/what
is the enemy?

Udo



_______________________________________________
Gnash-dev mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/gnash-dev
