Comments on: Eventsites: serverless web-development

By: Julien Couvreur

Julien Couvreur — Mon, 22 May 2006 18:03:05 +0000

You can use Flash for cross-domain GETs and POSTs. See Flash4AJAX: http://blog.monstuff.com/archives/000280.html
The main restriction is that the services you’re targetting need to allow this kind of access, thru a cross-domain policy file within their domain.

Flash 8.5 will allow arbitrary HTTP requests, enabling the complete array of HTTP methods (HEAD, DELETE, …)

By: Peter Nixey

Peter Nixey — Sun, 21 May 2006 13:11:57 +0000

Martin,

Good point. I was actually sanitising requests to make sure they were external when I first wrote the app but then forgot to do the same after deployment.

Very good point, horrendous security hole – thanks for pointing it out.

By: Martin

Martin — Sat, 20 May 2006 21:44:31 +0000

Oh yes, minimalist proxy, (nearly) maximalist read access to the filesystem due to not sanitizing user input in any way…

By: earl

earl — Sat, 20 May 2006 12:25:37 +0000

mypage.php?url=/etc/passwd
Id probably use something like that with this script. Dont forget to sanitize that $_GET['url']!

By: Marty

Marty — Fri, 19 May 2006 17:43:15 +0000

Heh “please download Firefox” it says. Well, besides the slew of JS errors messages i get.

By: Bob Ippolito

Bob Ippolito — Fri, 19 May 2006 17:40:10 +0000

s/proxy/security hole/

That PHP is going to let anyone read any local file on the filesystem that apache can see. I wish people wouldn’t post dumb things like that, because others are going to blindly copy it.

By: Phil

Phil — Fri, 19 May 2006 17:21:12 +0000

If you add in client-side storage in a Flash object, it’s not a hard leap to kiosk type software running in a browser on a computer without an Internet connection.

By: Allen

Allen — Fri, 19 May 2006 16:37:39 +0000

crikey, thats the coolest damned thing / concept i’ve seen in a while. Also, love the minimalist proxy. Such a really cool concept, taking mashups to the next level.