WebApp Sec mailing list archives
Re: Flash sites
From: RSnake <rsnake () shocking com>
Date: Wed, 3 Sep 2003 19:47:48 -0700 (PDT)
Safest from the server's perspective? Probably.... Like an image it is just a binary, and is not interpreted by the webserver in any way.

Safe for the person running it? That's debatable. Unlike an image it is actually executed by the client, so it is possible that a MITM attack could introduce malicious code in the binary in transit to do things that were not initially intended, which is made easier by the fact the binary is static. However, you could do the same things with HTML/Java/Javascript/VB script, so again, it's debatable.

For your auditing purposes, yes, it's probably completely safe.

On Wed, 3 Sep 2003, John Madden wrote:

| Date: Wed, 3 Sep 2003 09:14:11 -0700 (PDT)
| From: John Madden <chiwawa999 () yahoo com>
| To: webappsec () securityfocus com
| Subject: Flash sites
|
| Hello all,
|
| If a web site contains only flash files and has no
| write permissions to modify those flash files, no
| default files or other potentially dangerous scripts
| can we say that is the "safest" form of a web site ?
|
| Are there any other concerns in auditing a flash based
| site ?
|
| Thanks
|
| John
|
| __________________________________
| Do you Yahoo!?
| Yahoo! SiteBuilder - Free, easy-to-use web site design software
| http://sitebuilder.yahoo.com
|

-R

The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is expressly prohibited and may be unlawful.