WebApp Sec mailing list archives

FW: Flash sites

From: GRIFFITHS ian <ian.griffiths () liv-coll ac uk>
Date: Fri, 5 Sep 2003 08:56:48 +0100

I think it's fair to say that flash movies can be compromised to reveal
perhaps more than the author intended, especially where client side
processing of sensitive data is concerned.

Ian

-----Original Message-----
From: RSnake
To: Max Moser
Cc: chiwawa999 () yahoo com; webappsec () securityfocus com
Sent: 04/09/2003 16:23
Subject: Re: Flash sites


        I am having a hard time understanding how that is a security
hole, or a security fix.  If there is no secure information in the Flash
file to begin with, and he is simply interested in securing the webserver,
and it makes no outside calls to databases or scripts of any kind, it is not
a dangerous binary.  Further, using multiple flash files wouldn't stop
anything.

Current thread:

Re: Flash sites, (continued)
- Re: Flash sites RSnake (Sep 04)
- Re: Flash sites Max Moser (Sep 04)
  - Re: Flash sites RSnake (Sep 04)
- Re: Flash sites Jean-Jacques Halans (Sep 04)
- Re: Flash sites Jeremiah Grossman (Sep 04)
  - Re: Flash sites ADex (Sep 06)
- RE: Flash sites Nick Duda (Sep 03)
  - RE: Flash sites Mathew C. Beckman (Sep 04)
- RE: Flash sites Piet Carpentier (Sep 04)
- Re:Flash sites leorl (Sep 04)
- FW: Flash sites GRIFFITHS ian (Sep 05)