Cross domain is not an issue, we run it from a server. It automates Firefox.
If you need to protect from this I always ask my self. What benefit does someone have to make a fake account. Most of my systems there is no point. The only system I use a capcha is my ticket system. On Sep 24, 2013 11:30 PM, "Alex Harui" <[email protected]> wrote: > > > On 9/24/13 6:00 PM, "[email protected]" <[email protected]> wrote: > > >Thanks Stephen for your comments. If it is a valid concern, how do people > >address it? Do people implement Captcha type components into their login > >forms, or something else? Anything available for this or do I need to > >create something myself? > I am not an expert in this area, but in theory, Flash cannot be scripted > from another domain unless you allow it or the customer allows it. > Automated testing drives Flash because someone gives it permission or it > lives on the same domain. > > The same-domain is important because if you host this app on YouTube, > FaceBook or other places where other people host stuff, you do get exposed > to cross-site scripting. > > I don't know how the spambots work. If they sniff HTML to find form > fields and fill them out, they won't be able to do that on Flash as easily > if at all. > > -Alex > > > > > > >----- Original Message ----- > >From: "Stephen C" <[email protected]> > >To: [email protected] > >Sent: Tuesday, September 24, 2013 5:29:47 PM > >Subject: Re: Is Captcha needed in Flex application? > > > >Kidna, there is a video of someone automating Gmail with it. But, there > >are > >plenty of mail libraries for scripting languages to automate the email. > >On Sep 24, 2013 8:21 PM, <[email protected]> wrote: > > > >> can it click on an auto-generated email link to complete the new user > >> registration process, for example? > >> > >> ----- Original Message ----- > >> From: [email protected] > >> To: [email protected] > >> Sent: Tuesday, September 24, 2013 4:56:28 PM > >> Subject: Re: Is Captcha needed in Flex application? > >> > >> With sikuli you can automate flash, we use it for testing. I don't see > >>why > >> it cannot be used maliciously > >> > >> > >> > >> > >> Sent from Windows Mail > >> > >> > >> > >> From: [email protected] > >> Sent: Tuesday, September 24, 2013 7:42 PM > >> To: [email protected] > >> > >> Just curious on the conventional wisdom whether Captcha is required in > >> Flex desktop web applications, or if something inherent in Flex/Flash > >> plug-in means that bots in the web cannot auto-complete user login > >>forms > >> (e.g. username and password) or other forms. I haven't really seen too > >>much > >> for Captcha type components in Flex (is it unnecessary)? > >> > >> > >> Currently my user login requests an email and password, and for new > >> accounts, requires the user to click on a link to validate his or her > >>email > >> address before registering that user as a valid person. Is that > >>sufficient? > >
