"Garry Haywood" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > --- In [email protected], "Jim Ley" <[EMAIL PROTECTED]> wrote: >> "Garry Haywood" <[EMAIL PROTECTED]> wrote in message >> news:[EMAIL PROTECTED] >> > I know with IE I can use a different port (so leave www requests > on >> > port 80 and xml requests on 8080) >> >> Nope xmlhttp request is also limited by the port it can connect to, > it can >> only request back to the same port - in a default security > environment. > > were you saying 'no, you can't do this in firefox' or 'no you can't > do this full stop' ?
It should not be happening in IE, it's a security flaw (it allows you to attack sites hosted on the same machine as the one serving the site, e.g. the jibbering.com site box allows users to host their own domains on the same machine, you could then attack jibbering.com:8080 which happens to be running a completely different server which ignores the host header. > I can do it with IE > > http://www.betamodel.com/v2/xml_test Fails for me with security error, are you sure you've not got access data sources across domains, or other lower privilige than default enabled? Jim. ------------------------ Yahoo! Groups Sponsor --------------------~--> Get Bzzzy! (real tools to help you find a job). Welcome to the Sweet Life. http://us.click.yahoo.com/A77XvD/vlQLAA/TtwFAA/1U_rlB/TM --------------------------------------------------------------------~-> ----- To unsubscribe send a message to: [EMAIL PROTECTED] -or- visit http://groups.yahoo.com/group/svg-developers and click "edit my membership" ---- Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/svg-developers/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
