Seems like i was too quick with my response. I only looked at it from a
public perspective. I got the point now.
I usually think before I send a response and I jumped to a conclusion =)
Sorry for wasting bandwidth
Evert
Rákos Attila wrote:
EC> Charles is an easy program to test this. You can make custom responses
EC> to certain http requests. For testing you can easily setup a rule that
EC> will always return a <allow-access-from domain="*" /> at any http request.
How will this work in the intranet related situation mentioned
somewhat before and which is a good reason for cross-domain policy? It
can be set working of course if you can create false HTTP responses
behind the firewall, but if you can do that, you propably can do
anything else, so don't need a Flash movie for the attack.
Attila
------------------------------------------------------------------------
_______________________________________________
osflash mailing list
osflash@osflash.org
http://osflash.org/mailman/listinfo/osflash_osflash.org
_______________________________________________
osflash mailing list
osflash@osflash.org
http://osflash.org/mailman/listinfo/osflash_osflash.org
