Go Back   vb.org Archive > Community Central > Community Lounge
  #1  
Old 01-14-2006, 09:36 AM
BlackxRam BlackxRam is offline
 
Join Date: Aug 2003
Posts: 364
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Is there any safe way to allow Flash files on VB from other people on the forums???

I know the general rule of Forums and Flash, but more and more i see the streaming flash movies on some community sites out there. That people upload to their online profiles.

Is there anything I should know? Or is this just a risk these sites are taking?
Reply With Quote
  #2  
Old 01-14-2006, 09:53 AM
Injektilo's Avatar
Injektilo Injektilo is offline
 
Join Date: Jun 2004
Location: Cyprus
Posts: 206
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

it is a rick
Reply With Quote
  #3  
Old 01-14-2006, 12:00 PM
nexialys
Guest
 
Posts: n/a
Default

please use the SEARCH engine, ... keywords : upload + flash would bring these hacks;

https://vborg.vbsupport.ru/showthrea...t=upload+flash
https://vborg.vbsupport.ru/showthrea...t=upload+flash

as you see, there are solutions... and discussions about the situations...

and Flash is not that risky... or it would be banned from the net for long!
Reply With Quote
  #4  
Old 01-14-2006, 06:04 PM
KTBleeding's Avatar
KTBleeding KTBleeding is offline
 
Join Date: Feb 2004
Location: Tooele, UT
Posts: 756
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by nexialys
and Flash is not that risky... or it would be banned from the net for long!
Flash is apparently the reason why myspace is being hacked left and right.. Through actionscript.
Reply With Quote
  #5  
Old 01-16-2006, 02:57 PM
Carnage Carnage is offline
 
Join Date: Jan 2005
Location: uk
Posts: 760
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

it'd be nice if there were a way to disabled action script via the html tag... that way we could allow animations and such yet disable potential security holes.
Reply With Quote
  #6  
Old 01-16-2006, 03:06 PM
nexialys
Guest
 
Posts: n/a
Default

Quote:
Originally Posted by KTBleeding
Flash is apparently the reason why myspace is being hacked left and right.. Through actionscript.
myspace.com is one among the millions of websites where people can upload flash files... if only that site is to point out, maybe the site itself is not that well managed...

at macromedia.com there are documentations about flash and security...
Reply With Quote
  #7  
Old 01-16-2006, 05:20 PM
KTBleeding's Avatar
KTBleeding KTBleeding is offline
 
Join Date: Feb 2004
Location: Tooele, UT
Posts: 756
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by nexialys
maybe the site itself is not that well managed...
Well, I agree completely. But I thought the fact that Myspace isn't well managed went without saying.
Reply With Quote
  #8  
Old 01-16-2006, 09:17 PM
Brad Brad is offline
 
Join Date: Nov 2001
Posts: 4,765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Flash itself is not the problem. The problem comes from allowing an untrusted user to place a flash file on a public webpage.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:21 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05906 seconds
  • Memory Usage 2,218KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (6)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete