Am 30.09.2008 um 18:58 schrieb Ashley:
On Sep 30, 2008, at 9:40 AM, [EMAIL PROTECTED] wrote:
Seems like a cheap way (listing a bunch of frameworks in a security
paper) to gain cheap traffic on your paper.
Isn't that how and why white papers are written. :)
I only skimmed the top page but I got the impression that following
best practices would circumvent (most of?) the exploits. POSTs
being required to manipulate data, specifically.
-Ashley
From the paper:
"attackers can use POST"
This is possible due to the fact that flash movies can send any
request to a server.
You can achieve this even with a XMLHTTPRequest.
cheers,
moritz
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
