Re: FLASH: Flash Functionality Verification

[John Dowdell]

At 8:29 AM 6/30/0, John Andrew Morrison wrote:

> What are the risks [of secret access to different domain] ?


There's a scenario under the old Shockwave technote:

"How to avoid getNetText security dialog"

http://www.macromedia.com/go/12777


Summary: When an applet plays behind a firewall, a lucky guess of the path

to a protected file can render it vulnerable to snooping. This is why Java,

Shockwave and Flash load data from the same domain, rather than any domain.


(Just in case anyone's tempted to reply "no, that's not serious", let me

assure you that yes, it is indeed very serious. ;-)


jd





John Dowdell, Macromedia Tech Support, San Francisco CA US

Search technotes: http://www.macromedia.com/support/search/

Offlist email risks capture by the spam filters. I may not see your

email if it's not on the list. Private one-on-one email options are

available via Priority Access: http://www.macromedia.com/support/




flasher is generously supported by...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     flashforward2000 and the Flash(tm) Film Festival

 July 24-26, 2000, NEW YORK CITY, Hammerstein Ballroom

                  www.flashforward2000.com

   Produced by United Digital Artists and lynda.com

 Sponsored by Macromedia, Adobe Systems, Fusion, Inc, AtomFilms,

           shockwave.com and Electric Rain.

 1.877.4.FLASH.4  or (1.805.640.6679 outside the US and Canada)

 Register before June 30 and save $200!!-- www.flashforward2000.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To unsubscribe or change your list settings go to

http://www.chinwag.com/flasher or email

helpchinwag [dot] com