Re: [flasher] Is Flash safe to drive?

2002-05-14 Thread mynews

This dude is just messin' with us. I think we should ignore him. 
He is apparently ignoring every email on this thread. Oh yes, 
he comments on them but he doesn't answer the direct questions. 
You may ask, BJ, why are you talking like he's not here? Answer: 
? Bill?

I will shout from the rooftops!
BJ

= = = Original message = = =

JGL said:

First of all I thought the challenge was somewhat OT and did 
not participate.

Is the concept of Flash password protection off-topic? This 
suggestion is so idiotic that I'm almost inclined to refrain 
from answering... but I'll carry on.

My suspicions are that if you put your login in a form of an 
html page, the same result may occur.

We're talking about Flash, not HTML.

JGL then preached a lengthy but irrelevant sermon that does 
not change my opinion that Flash is UNSAFE TO DRIVE.

All I'm trying to say is that a developer who uses Flash as an 
interface to a database can get screwed, because it's impossible 
to implement the binary YES/NO test.

Try to persuade me I'm an idiot, if that appeases you. I shall 
continue to shout on the rooftops, until someone proves the contrary, 
that Flash is UNSAFE TO DRIVE for security reasons. That's all!

Bill




  viralmonitor  ~~~
Chinwag's latest list - viral campaigns unleashed

Sign up to receive email alerts on new campaigns
Or to shout about your latest work

http://www.chinwag.com/viralmonitor

__
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists



RE: [flasher] Is Flash safe to drive?

2002-05-14 Thread Neil Clark - =TMM=

Agreed :-)... but to piss on his parade, Flash on top of J2EE with
Flash Remoting is online banking safe...; I challenge him to prove to me
it's not (sorry couldn't resist)

Oh, and I tried to drive Flash, couldn't even get into first gear.

Doesn't B.J. stand for.. 

;-)







Neil Clark
Team Macromedia
http://www.macromedia.com/go/team

Announcing Macromedia MX!! 
http://www.macromedia.com/software/trial/.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: 14 May 2002 21:19
To: CF-Talk
Subject: Re: [flasher] Is Flash safe to drive?




RE: [flasher] Is Flash safe to drive?

2002-05-14 Thread Dave Watts

> Agreed :-)... but to piss on his parade, Flash on top of 
> J2EE with Flash Remoting is online banking safe...; I challenge 
> him to prove to me it's not (sorry couldn't resist)

You want to be very careful when you piss on someone's parade; there might
be a headwind.

Flash, just like HTML, is as safe as you make it, when you're referring to
data integrity between client and server. Using J2EE doesn't make any
difference - you can build insecure applications just as easily with J2EE as
with any other CGI-style environment - and Flash Remoting just makes it
harder to manipulate the data (far from impossible, though, I suspect - it's
binary, but not encrypted or obfuscated, according to the curious folks
who've started examining the format).

The key is to design your application with security in mind; don't
unnecessarily rely on data from the client when you can avoid it, filter all
data from the client every time, and use SSL as appropriate to prevent third
parties from being able to see the data. If you do that, you won't have any
more problems with Flash than you would with a well-designed HTML interface.
If you don't, you'll have the same problems that you'd have with a
poorly-designed HTML interface.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
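
The design rule in the message above, as an added example that is not part of the original thread: a server-side handler that makes the YES/NO login decision itself, filters every field it receives, and ignores anything the client claims about its own state. The names handle_login and USERS, the request field names, and the sample account are assumptions made for illustration; the transport is assumed to be SSL.

```python
import hashlib
import hmac
import os
import re

def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash; only the server ever sees or stores this value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store (hypothetical): username -> (salt, hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")
_DUMMY = (_SALT, b"\x00" * 32)  # used for unknown users so timing stays similar

def handle_login(request: dict) -> dict:
    """Answer YES/NO for a login request from any client (Flash or HTML).

    Only 'username' and 'password' are read. Fields such as
    'authenticated' or 'role' sent by the client are never consulted.
    """
    username = request.get("username")
    password = request.get("password")

    # Filter all data from the client every time: type, length, character set.
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        return {"ok": False}
    if not isinstance(password, str) or not 1 <= len(password) <= 128:
        return {"ok": False}

    salt, stored = USERS.get(username, _DUMMY)
    candidate = _hash(password, salt)
    # Constant-time comparison; the client learns nothing but the boolean.
    ok = hmac.compare_digest(candidate, stored) and username in USERS
    return {"ok": ok}

if __name__ == "__main__":
    print(handle_login({"username": "alice", "password": "correct horse"}))
    # A tampered client claiming it is already logged in gains nothing.
    print(handle_login({"username": "alice", "password": "x",
                        "authenticated": True}))
```

The client, whatever it is built with, only renders the boolean it gets back; the password check and the stored hashes never leave the server.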



RE: [flasher] Is Flash safe to drive?

2002-05-14 Thread Neil Clark - =TMM=

Yep,

I always walk backwards in these situations ;-p, I have seen some J2EE 
Flash development using Remoting and it has passed the 'Online Banking'
board of security [UK] - so in that sense, it is secure.

I totally agree about your comments on security, some are GUI related,
and Flash can be used in a horrible way!






Neil Clark
Team Macromedia
http://www.macromedia.com/go/team

Announcing Macromedia MX!! 
http://www.macromedia.com/software/trial/.

-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]] 
Sent: 14 May 2002 22:03
To: CF-Talk
Subject: RE: [flasher] Is Flash safe to drive?
