Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment: Simple solution (Score 1) 355

by zcv (#30082198) Attached to: Flash Vulnerability Found, Adobe Says No Fix Forthcoming

Seems like the simple solution is to serve all non-trusted content from a separate hostname. For example, serve avatars or uploaded files from usercontent.example.com.

As far as I can tell this would stop the attack nicely. The malicious SWF would execute in the context of a domain you don't care about.

"Why should we subsidize intellectual curiosity?" -Ronald Reagan

Working...