[thelist] FW: [websandiego] So, Flash has access to a list of myfonts?

Joshua Olson joshua at waetech.com
Mon Nov 17 08:35:14 CST 2003


----- Original Message ----- 
From: "Joel D Canfield" <joel at spinhead.com>
Sent: Monday, November 17, 2003 9:25 AM


> > http://www.stcassociates.com/lab/fontbrowser.html

> Interesting, but a bit worrisome. If Flash can read from a system
> folder, how is proper security enforced?

Joel,

I'm not convinced that this is actually reading from the folder.  Rather,
it's more likely that the Flash client application (which the client choses
to install) is reading an accessible system property available via the
Windows API.

But, to answer your question, you entered a trust-based relationship with
Macromedia when you installed the Flash player on your machine.  Since it's
installed it feasibly has 100% access to your machine.  Since no software is
completely bug proof then it would follow that there probably is an exploit
somewhere that allows a malicious developer to access your machine's
sensitive information.  The question is if the exploit has been discovered
yet.  :-)  But, this goes with *any* software you install, including IE,
Norton Antivirus, Mozilla, etc.

<><><><><><><><><><>
Joshua Olson
Web Application Engineer
WAE Tech Inc.
http://www.waetech.com
706.210.0168



More information about the thelist mailing list