Joel Stringfellow (njyoder) wrote in lj_dev,

Embedding Adobe Flash applets.

Isn't there a potential security/privacy/nuisance issue with allowing people to embed arbitrary Flash applets from any website?

I'm not that familiar with Flash's capabilities in terms of reading from or manipulating the web browser, but I know a few other things that can be done.

At the very least, people can use Flash cookies to track users even if their IP address changes. I'm sure that people wouldn't appreciate this.

And of course, it can be made to be a huge nuisance by vastly slowing down a computer and potentially crashing the web browser. Of course, it can also display arbitrary video and play arbitrary audio.

The solution to this, which I previously mistakenly thought was already implemented, is to only allow Flash from certain trusted sites, such as YouTube. Since 99% of embedded Flash on LiveJournal is from a relatively small list of websites, this shouldn't be hard to maintain, especially with a submission form to add new websites.
Tags: server, server: embedding
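
The trusted-site allowlist proposed in the post could be checked at post time roughly as follows. This is an added example, not LiveJournal's code or the poster's; the host set, function names and sample markup are assumptions, with YouTube being the only site the post names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist; YouTube is the only site the post names.
TRUSTED_HOSTS = {"youtube.com"}

def host_is_trusted(url, trusted=TRUSTED_HOSTS):
    """True only for http(s) URLs whose host is a trusted domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False  # unparseable URL: fail closed
    if parts.scheme not in ("http", "https") or not host:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # user@host form: the trusted name would only be the userinfo
    # Match on a label boundary, never on a bare suffix or substring.
    return any(host == t or host.endswith("." + t) for t in trusted)

class EmbedAuditor(HTMLParser):
    """Collects source URLs of embed/object/param tags that fail the allowlist."""
    def __init__(self):
        super().__init__()
        self.rejected = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "embed":
            src = a.get("src", "")
        elif tag == "object":
            src = a.get("data", "")
        elif tag == "param" and a.get("name", "").lower() == "movie":
            src = a.get("value", "")
        else:
            return
        if src and not host_is_trusted(src):
            self.rejected.append(src)

def rejected_embeds(html):
    """Return, in document order, the embed sources that are not allowlisted."""
    auditor = EmbedAuditor()
    auditor.feed(html)
    return auditor.rejected

# Constructed sample entry body (not taken from the post).
SAMPLE = """
<embed src="http://www.youtube.com/v/abc123" type="application/x-shockwave-flash">
<embed src="http://youtube.com.example.net/a.swf">
<object data="http://www.youtube.com@example.org/b.swf"></object>
<object><param name="movie" value="http://notyoutube.com/c.swf"></object>
"""
```

Comparing the parsed hostname on a dot boundary is what keeps look-alike hosts such as `youtube.com.example.net` or `notyoutube.com` from passing a check that only searches the URL string for the trusted name.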