Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Flash sites
From: RSnake (rsnakeshocking.com)
Date: Wed Sep 03 2003 - 21:47:48 CDT
Safest from the server's perspective? Probably.... Like an image it is
just a binary, and is not interpreded by the webserver in any way. Safe for
the person running it? That's debatable. Unlike an image it is actually
executed by the client, so it is possible that a MITM attack could introduce
malicious code in the binary in transit to do things that was not inititally
intended, which is made easier by the fact the binary is static. However, you
debatable. For your auditing purposes, yes, it's probably completely safe.
On Wed, 3 Sep 2003, John Madden wrote:
| Date: Wed, 3 Sep 2003 09:14:11 -0700 (PDT)
| From: John Madden <chiwawa999yahoo.com>
| To: webappsecsecurityfocus.com
| Subject: Flash sites
| Hello all,
| If a web site contains only flash files and has no
| write permissions to modify those flash files, no
| default files or other potentially dangerous scripts
| can we say that is the "safest" form of a web site ?
| Are there any other concerns in auditing a flash based
| site ?
| Do you Yahoo!?
| Yahoo! SiteBuilder - Free, easy-to-use web site design software
The information in this email is confidential and may be legally
privileged. It is intended solely for the addressee. Access to
this email by anyone else is unauthorized. If you are not the
intended recipient, any disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on it is
expressly prohibited and may be unlawful.