John Whelan wrote: > Is it possible? I note there is a major security problem with Adobe Flash.
Er, no there isn't. Flash is far from perfect but this alleged 'exploit' is largely hysteria. There are three causes and none of them are the Flash Player itself: - Unconfigured webservers which don't send the correct Content-Type/Content-Disposition headers; - Browsers which don't parse Content-Type headers as they should; - Sites that allow users to upload arbitrary executables, including but not limited to Flash. Since OSM does not (to the best of my knowledge) allow such uploads, the issue doesn't arise. I would recommend reading: - http://blogs.pcmag.com/securitywatch/2009/11/so-called_flash_vulnerability.php - http://blogs.adobe.com/asset/2009/11/flash_content_and_the_same-ori.html - http://www.foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html (the article itself is largely hyperbole, but the comments are quite informative) One summary from the latter: "What this comes down to is that web site administrators (and application engineers) need to make sure that untrusted SWF content (e.g. message attachments) must not be served over HTTP - they need to make sure that the server forces the browser to download the SWF to their local filesystem. " Which is common sense. As others have pointed out, Flash has nothing to do with OSM rendering anyway and if you still like tin hats, other editors are available. cheers Richard _______________________________________________ newbies mailing list [email protected] http://lists.openstreetmap.org/listinfo/newbies
