Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Simple solution (Score 1) 355

Seems like the simple solution is to serve all non-trusted content from a separate hostname. For example, serve avatars or uploaded files from usercontent.example.com.

As far as I can tell this would stop the attack nicely. The malicious SWF would execute in the context of a domain you don't care about.

Slashdot Top Deals

"Aww, if you make me cry anymore, you'll fog up my helmet." -- "Visionaries" cartoon

Working...