Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
 All Forums
 Community Forums
 Community Discussions (All other subjects)
 Flash content

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!
Before posting, make sure you have read this topic!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
   

T O P I C    R E V I E W
Etymon Posted - 12 October 2008 : 00:08:11
Is it possible for anyone to embed malicious code into a flash file or a movie?<
10   L A T E S T    R E P L I E S    (Newest First)
Etymon Posted - 13 October 2008 : 16:18:53
Oh boy. Hmmm.

So, if I allow members to upload images "but" I have some type of resizing going on during the upload process, then will that work around a lot of the image sizing exploits?<
HuwR Posted - 13 October 2008 : 10:40:23
it is not just image exploits, flash files can embed javascript which then runs on the client, it is that which poses the biggest security risk<
MarcelG Posted - 13 October 2008 : 09:47:28
Etymon ; there's a difference between allowing flash-file uploads and allowing flash-embedding in your topics ; with the first one one can only post a link to a .swf file, with the second one, one can embed the object, making it load (and run) automatically when a visitor views a topic.
That last one has the biggest security concern, as it loads without the visitor having to acknowledgee it prior on loading.<
Podge Posted - 13 October 2008 : 09:43:57
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60387<
Etymon Posted - 13 October 2008 : 08:40:20
Thanks for the help on that Marcel! Hmmm. So, I should not allow flash type uploads, but, instead, let the member(s) use another service for that? Just for the sake of conversation since others are reading this too ... which mod is which that is safe and possibly unsafe?<
MarcelG Posted - 13 October 2008 : 05:01:59
Etymon, indeed people who want to do harm can use malformed flashfiles to do harm.
However, if you use the video mod that supports only those flashvideo providers who "prove" to be ok, there's not much that can go wrong. (My videomod only supports the big ones such as Youtube and Dailymotion).
If you support SWF files, via my other mod (the [flash][/flash] tags), you indeed may be subject to hackers embedding malicious SWF's.
But, then again, if you enable images you are also enabling them to do the same, except for the fact that the number of image-exploits is far more limited. The simplest exploit is this one if I'm not mistaking : embed a 10000x10000 pure white PNG (filesize is almost nothing) and the browser crashes as it tries to render it....<
Etymon Posted - 12 October 2008 : 14:11:39
I don't use it either. My son works with it a little. I was not sure if I should allow flash uploads (or flash links [like with the video MOD]). Thanks Huw!<
HuwR Posted - 12 October 2008 : 12:42:29
I think there is stuff you can do, but not entirely sure as I don't use flash.<
Etymon Posted - 12 October 2008 : 10:51:23
Figures.

So, allowing people to post those kinds of links and/or allowing people to upload those kind of files is skeptical if not dangerous. If the file is being uploaded to the server, is there anyway to check the file for these kinds of things?<
HuwR Posted - 12 October 2008 : 03:51:25
in a word yes<

Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.05 seconds. Powered By: Snitz Forums 2000 Version 3.4.07