[Laszlo-dev] serverless operation (security note)
Sarah Allen
sallen at laszlosystems.com
Thu Jan 20 10:22:09 PST 2005
Yeah, but evil guy doesn't have access to private.company.com
At 10:11 AM 1/20/2005, Eric Bloch wrote:
>Sarah Allen wrote:
>>The danger is to that site. The firewall prevents external access, but
>>not access from my desk. If the Flash Player were to allow a developer
>>to make any connection, someone could write an application that appeared
>>to be a fun greeting card, but was really accessing
>>private.mycompany.com. Then the evil hacker would just send those
>>greeting cards to a bunch of employees and get at the private data of the
>>company.
>
>I don't understand this.
>
>If you wrote the greeting card to go to private.mycompany.com, then
>evil guys would just put a crossdomain.xml file there on
>private.mycompany.com and do his evil stuff, right?
>
>
>-Eric
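
The exchange above turns on where the Flash Player looks for crossdomain.xml: on the host being read, not on the host that served the movie. The Python model below is an added example, not part of the original messages and not Flash Player code; its pattern matching is simplified, and `evil.example` and `apps.mycompany.com` are constructed host names.

```python
import xml.etree.ElementTree as ET


def allowed_patterns(policy_xml):
    """Return the domain patterns granted by a crossdomain.xml document."""
    root = ET.fromstring(policy_xml)
    return [el.get("domain", "").lower() for el in root.iter("allow-access-from")]


def pattern_matches(pattern, host):
    """Simplified matching (assumption): '*', '*.suffix', or an exact host."""
    host = host.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # keeps the leading dot
    return pattern == host


def may_read(swf_host, target_host, served_policies):
    """Decide whether a movie loaded from swf_host may read from target_host.

    served_policies maps each host to the crossdomain.xml text that host
    itself serves, or None when it serves none. Only the TARGET's file counts.
    """
    if swf_host.lower() == target_host.lower():
        return True  # same-domain loads need no policy file
    policy = served_policies.get(target_host)
    if policy is None:
        return False  # no policy on the target: cross-domain read refused
    return any(pattern_matches(p, swf_host) for p in allowed_patterns(policy))


# Constructed policy files.
OPEN = '<cross-domain-policy><allow-access-from domain="*"/></cross-domain-policy>'
INTERNAL = ('<cross-domain-policy>'
            '<allow-access-from domain="*.mycompany.com"/>'
            '</cross-domain-policy>')

# The greeting-card host can publish any policy it likes on its own server;
# it cannot publish one on private.mycompany.com.
NO_POLICY = {"evil.example": OPEN, "private.mycompany.com": None}
WITH_POLICY = {"evil.example": OPEN, "private.mycompany.com": INTERNAL}

if __name__ == "__main__":
    for label, served in (("no policy", NO_POLICY), ("internal policy", WITH_POLICY)):
        for swf in ("evil.example", "apps.mycompany.com"):
            print(label, swf, may_read(swf, "private.mycompany.com", served))
```

The open policy on `evil.example` only controls who may read from `evil.example`; it has no effect on reads from the private host.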