Peaches Posted November 7, 2009 Report Share Posted November 7, 2009 6 November 2009, 12:14Facebook and Myspace bolt Flash backdoors Web developer Yvo Schaap has discovered that Facebook and Myspace have been being overgenerous in assigning privileges for Flash applications, allowing Schaap's Flash application to access another user's entire Facebook data. Flash applications are only normally able to access resources on the server from which they have been loaded. In order to allow developers to design applications with more flexibility, Abode has, however, introduced the option of explicitly granting access to other servers. This is achieved by means of the crossdomain.xml file in a web server's root folder. Facebook had used this to grant the right to access the main domain to trusted sites via instructions such as: Details at Heise security - http://www.h-online.com/security/news/item/Facebook-and-Myspace-bolt-Flash-backdoors-852318.html Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.