You can always build a Flex (or Flash for that matter) application
that can be put in you page as a 1px by 1px (I'm not sure if 0 by 0
will work) that has nothing on the stage with wmode=transparent.
This application can now act as your portal between the browser via JS
using the External
Charlie, my main issues with AJAX are dealing with cross-browser issues, and
security.
AJAX exposes some of the most annoying cross-browser DHTML sort of things.
Using libraries and frameworks can insulate you from that to a degree, but not
always completely. I've got a customer doing things
Hello everyone,
My client is looking for a flex developer. They are located in the
Orlando market. Anyone interested or know anyone I could speak with?
Comp: $70-95k
Role: extend our Flex-based CDN Dashboard application.
Requirements (must have all):
Experience developing in Flex 2.0
Speaking of Benchmarks: http://www.jamesward.org/census/
On Feb 8, 2008 11:52 AM, Darin Kohles [EMAIL PROTECTED] wrote:
You can always build a Flex (or Flash for that matter) application
that can be put in you page as a 1px by 1px (I'm not sure if 0 by 0
will work) that has nothing on the
That seems a curious statement, Forrest, and I'm sure some would enjoy a
bit of discussion on it. For those who weren't following closely, he had
asked first about some challenges using a CFX_google custom tag, and in the
replies he was told that it's quite old and instead Google favors some
*cough* BS.
Flash can be decompiled.
I can watch all of the traffic. Even over SSL.
I can modify AMF (I'd have to look @ secure AMF).
If you'd like to challenge me to hack the app, let me know. I'm up
for it. ;-)
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
If liberty means anything
Yes, the security issues are pervasive. Read Ajax Security by Billy
Hoffman @ SPI Dynamics (now HP) for a great review of these concerns.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
Dissent is the purest form of patriotism.
--Thomas Jefferson
On Feb 8, 2008, at 11:20 AM, shawn
Just a quick .02 from me. Your last statement grabbed my attention...
Do you think AJAX is or will be as useful and powerful as CF?
I think maybe you're looking at AJAX wrong. AJAX is something that is
typically used in conjunction with CF, PHP, ASP.NET, etc. AJAX is there
to do a couple of
Some interesting benchmark results! Also thanks for noting the security
issues, etc. with AJAX and Javascript.
I guess my somewhat negative attitude toward AJAX has to do with its
Javascript underpinings.
It's Javascript that I tend to dislike. I mean, I like being able to
write code that
disbelief
lemme get this straight. you can decrypt SSL traffic into a human
readable format?
you can crack a 128-bit certificate? what about a high-grade AES
256-bit pipe?
/disbelief
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean
Hah, no, not quite. That would kill all ecommerce overnight if that
happened.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
To announce that there must be no criticism of the president, or that
we are to stand by the president right or wrong, is not only
unpatriotic and servile, but
sad but true users will be users despite our best efforts. I was worried
that I missed something and all security evaporated overnight.
Stranger things have happened.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe
Sent: Friday,
Yes. Man in the middle proxy to decrypt traffic on the fly. I don't
need to decrypt the traffic, I let SSL do all the work and just pass
the communications through my proxy. Encrypted tunnels exist between
browser - proxy and proxy- server. You receive a certificate
warning, but most
If secure AMF is just AMF over SSL... its easy enough to modify in
transit.
Darrin, if you or your organization wants a demo of why these things
are insecure, let me know. I'll be more than happy to do some live
web hacking for you. (And yes, Charlie, I haven't forgotten about you
and
Actually this would be a great presentation for the Flash/Flex group or the
CF group as well.
John Mason
[EMAIL PROTECTED]
770.337.8363
www.FusionLink.com - ColdFusion and Flex hosting
Now offering ColdFusion 8 Enterprise hosting
FREE Subversion hosting
_
From: [EMAIL PROTECTED]
Sure no problem. I'm doing a live web hacking show for WebManiacs in
DC if anyone is going. I had to pass on Cf.Objective due to my wife
having the nerve to have a child. ;-) Give me some tentative dates,
I'll be there.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
What is
BTW, the cert is not 128 bits, that would be trivially small for a
public key. The public key is used to verify the identity of the
server (i.e. does it match the machine name? Can it be validated
through Public Key Infrastructure (PKI)?). The tunnel may use 128 bit
AES, but the cert is
Forrest,
There's nothing that says that web services used in AJAX have to be consumed
only by connections initiated by Javascript. The only part of traditional
AJAX that requires Javascript is the manipulation of the browser content
(and that's only because it enables content to change on the
18 matches
Mail list logo
