From: Rutger V. <rut...@gm...> - 2010-09-24 14:02:48
I agree with closing this tracker issue.

On Thu, Sep 23, 2010 at 1:16 PM, Jon Auman <jon...@ne...> wrote:
> I therefore recommend we NOT institute a crossdomain.xml for treebase.org.
> It would not be difficult for a user to get access to embargoed data, and
> treebase could lose its credibility if that happened. It also may be
> possible for a hacker to redirect treebase users to a malicious web
> application.
> The following post states that cookie based authentication is particularly
> vulnerable:
> http://www.jamesward.com/2009/11/08/how-bad-crossdomain-policies-expose-protected-data-to-malicious-applications/
> If all I agree, I recommend we close the following issue in tracker with
> security concerns as the reason:
> https://sourceforge.net/tracker/?func=detail&aid=2977283&group_id=248804&atid=1126676
>
> thanks,
> -Jon
>
> On Sep 23, 2010, at 7:14 AM, Rutger Vos wrote:
>
> > There is data that is under embargo and should only be accessible by
> > the submitter(s) and reviewer(s). Session is maintained using cookies.
> >
> > On Wed, Sep 22, 2010 at 9:57 PM, Jon Auman <jon...@ne...> wrote:
> > > I looked some more into the crossdomain.xml file that allows Adobe Flash
> > > applications to access phylows data. The security implication is that all
> > > data on the treebase server could become public. Is that OK? Is there any
> > > data that should not become public?
> > > Also, does treebase application use cookies for session maintenance or web
> > > service tokens or some other means for authentication?
> > > Thanks,
> > > Jon
> > > -------------------------------------------------------
> > > Jon Auman
> > > Systems Administrator
> > > National Evolutionary Synthesis Center
> > > Duke University
> > > http:www.nescent.org
> > > jon...@ne...
> > > ------------------------------------------------------
> > >
> > > _______________________________________________
> > > Treebase-devel mailing list
> > > Tre...@li...
> > > https://lists.sourceforge.net/lists/listinfo/treebase-devel

--
Dr. Rutger A. Vos
School of Biological Sciences
Philip Lyle Building, Level 4
University of Reading
Reading
RG6 6BX
United Kingdom
Tel: +44 (0) 118 378 7535
http://www.nexml.org
http://rutgervos.blogspot.com