jamie writes with news of a Facebook app developer who found a significant security hole while he was trying to get around function limitations for his application. Quoting: "Luckily — just with browser AJAX requests — a Flash application hosted on domain X is unable to open a file on domain Y. If this would be possible, domain X [would be] able to access content on domain Y, and when the user is logged in on domain Y retrieve and post back any personal data. In certain cases this could limit a Flash application's capabilities. ... To resolve such issues, Adobe (Flash's developers) introduced a 'crossdomain.xml' file which could allow certain domains to access another domain, leading to cross-domain access by certain or all domains. While indeed Facebook locked the front door from any non-Facebook domain access via Flash, a simple subdomain change allowed any Flash application (domain="*") to access its domain data." He found a similar problem in MySpace's crossdomain.xml. Both sites were notified, and they have implemented fixes.
Read more of this story at Slashdot.
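The weak spot in the story is a crossdomain.xml that grants `domain="*"` on a host that shares cookies with the main site. A site operator can catch that in review before it ships. The following audit script is an added example, not code from the story or from Facebook or MySpace; the two policy files it parses are constructed samples, and the `secure` default it assumes is the Flash Player behaviour of treating a missing `secure` attribute as `true`.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the kind of policy the story describes, found on a subdomain.
PERMISSIVE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>"""

# Constructed sample: narrower, but still trusting every host under one zone.
LIMITED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*.example.com" secure="true" />
  <allow-access-from domain="static.example.com" />
</cross-domain-policy>"""


def audit_crossdomain(xml_text):
    """Return (domain, reason) findings for risky allow-access-from entries.

    A Flash policy file is a list of origins whose SWFs may read this host's
    responses with the user's cookies attached, so every entry is a trust grant.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain-policy document")

    findings = []
    for entry in root.findall("allow-access-from"):
        domain = entry.get("domain", "")
        # Flash Player treats a missing secure attribute as secure="true".
        secure = entry.get("secure", "true").strip().lower()

        if domain == "*":
            # This is the bug from the story: any SWF anywhere may read
            # logged-in content from this host.
            findings.append((domain, "any origin may read this host's responses"))
        elif domain.startswith("*"):
            # Wildcard zone: one compromised or user-controlled subdomain
            # (uploads, sandboxes, vanity hosts) is enough to read everything.
            findings.append((domain, "wildcard subdomain: every host under it is trusted"))

        if secure == "false":
            # Allows plain-HTTP SWFs to read data served over HTTPS.
            findings.append((domain, "secure=false lets HTTP content read HTTPS data"))
    return findings


def is_open_to_all(xml_text):
    """True when at least one entry grants access to every origin."""
    return any(domain == "*" for domain, _ in audit_crossdomain(xml_text))
```

Run it over every `crossdomain.xml` served by every subdomain that shares the session cookie, not only the one on the main host, since that is exactly where the story's hole was.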