But the client needs to install Charles and setup the rule to hack his own server, so it doesn't change anything, right ?
Nicolas ----- Original Message ----- From: "Evert | Collab" <[EMAIL PROTECTED]> To: "Open Source Flash Mailing List" <[email protected]> Sent: Thursday, February 02, 2006 12:59 PM Subject: Re: [osflash] [Slightly OT] Gnash & the security model > Charles is an easy program to test this. You can make custom responses > to certain http requests. For testing you can easily setup a rule that > will always return a <allow-access-from domain="*" /> at any http request. > > I'm sure you would agree that security should always be on the server, > and not on the client. > > Evert > > Mike Chambers wrote: >> Could you please explain this with an example? Crossdomain does not >> exist to prevent DoS attacks. >> >> mike chambers >> >> [EMAIL PROTECTED] >> >> On Feb 2, 2006, at 8:17 AM, Evert | Collab wrote: >> >> >>> It's merely prevents 'the regular >>> user' from consuming other people's services, but I doesn't stop a >>> malicious user. >>> >> >> >> _______________________________________________ >> osflash mailing list >> [email protected] >> http://osflash.org/mailman/listinfo/osflash_osflash.org >> >> > > > _______________________________________________ > osflash mailing list > [email protected] > http://osflash.org/mailman/listinfo/osflash_osflash.org > _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
