Flasher Archive

[Previous] [Next] - [Index] [Thread Index] - [Previous in Thread] [Next in Thread]

Subject: Re: FLASH: Flash Functionality Verification
From: Matt Wobensmith
Date: Fri, 30 Jun 2000 19:16:39 +0100

Hi John,

You wrote:

>I would appreciate verification, or better yet refudiation, that Flash
>does not allow the loading of variables from Domains other than
>the one servicng the movie.

Indeed, this change was made to prevent potential abuse.

If a Flash movie is allowed to access data from any domain, a malicious
author could make a movie that targets an internal server behind a firewall,
and potentially send that data back to any remote location they wish. That
would be bad.

With the suggested server script, this means the script runs on YOUR domain.
Much safer.

Our TechNote on this is here:

Load Variables from a data source on another domain is not working

I understand people's points about the convenience of executing server
scripts from anywhere, but this also leaves the door open to abuse. There
are lots of companies and institutions that use Flash because it is safe.
Allowing this potential abuse would certainly sour a lot of people on the
Flash Player and its security. As it is now, it's very safe.


Matt Wobensmith

flasher is generously supported by...
flashforward2000 and the Flash(tm) Film Festival
July 24-26, 2000, NEW YORK CITY, Hammerstein Ballroom
Produced by United Digital Artists and lynda.com
Sponsored by Macromedia, Adobe Systems, Fusion, Inc, AtomFilms,
shockwave.com and Electric Rain.
1.877.4.FLASH.4 or (1.805.640.6679 outside the US and Canada)
Register before June 30 and save $200!!-- www.flashforward2000.com
To unsubscribe or change your list settings go to
http://www.chinwag.com/flasher or email helpatchinwag [dot] com

  RE: FLASH: Flash Functionality Verificat, JGL
  Re: FLASH: Flash Functionality Verificat, John Andrew Morrison

[Previous] [Next] - [Index] [Thread Index] - [Next in Thread] [Previous in Thread]