System.download [was ...]
vitteaymeric at gmail.com
Fri Jul 13 03:33:04 PDT 2012
Yes it's true, focusing too much on my needs, then forget it
On 13/07/2012 11:39, Jason Orendorff wrote:
> On Fri, Jul 13, 2012 at 3:39 AM, Aymeric Vitte <vitteaymeric at gmail.com> wrote:
>> But coming back to my point, I am not talking about a download like an XHR
>> where you can set cookies, do POST requests, etc., just a download that fetches
>> the source, so I don't see it as more dangerous than script or img fetching (or
>> System.load) for example.
> It's the difference between exposing every image on your intranet to
> any random web page that asks for it, and exposing all data on your
> intranet to any random web page that asks for it. Any web page could
> start by fetching "http://intranet/" and follow the links from there.
> This kind of comprehensive spidering of an organization's internal
> data is obviously not possible with <img>.
> This is basic browser security stuff. I strongly suggest reading up
> before posting anything more on this topic.
Email : avitte at jcore.fr
Web : www.jcore.fr
Webble : www.webble.it
Extract Widget Mobile : www.extractwidget.com
BlimpMe! : www.blimpme.com