- From: Frank Hellenkamp <jonas@depagecms.net>
- Date: Fri, 20 Jun 2008 17:58:37 +0200
> 1. Browser downloads a script from server A.
> 2. Script tries to connect to server B.
> 3. Browser looks up server B's IP-address.
> 4. Browser performs a reverse lookup of server B's IP-address and gets
> a host name for the server.
> 5. Browser looks up a special TXT record in the DNS record for Server
> B, which states each of the IP addresses/host names that can host
> scripts allowed to connect.
>
> DNS records are cached multiple places (including at the local
> computer), so a DDOS attack attempting to take down DNS servers
> will probably not succeed.

DNS server information is often not accessible for many hosts/shared hosts.

Adobe has some of the same problems with the Adobe Flash Player. They use a crossdomain.xml file to provide policy information. In Flash Player 9,0,115,0 they introduced something like meta-policies:

http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_04.html

Probably worth a read when we discuss this topic...

best regards,
frank hellenkamp

--
frank hellenkamp | interface designer
hasenheide 53 | 10967 berlin
+49.30.49 78 20 70 | tel
+49.173.70 55 781 | mbl
+49.1805.4002.243 912 | fax
jonas at depagecms.net | mail
http://depagecms.net
strnr 14/339/61587
Received on Friday, 20 June 2008 08:58:37 UTC
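
The crossdomain.xml policy file and meta-policy mentioned in the message above, as an added example that is not part of the original post or Adobe's code: a small Python check that parses a policy file, decides whether a script's origin host is permitted, and lists the findings a reviewer would raise. The sample policies and host names are constructed, and the wildcard matching is a simplified assumption rather than the Flash Player's exact rules.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy files (not taken from any real site).
STRICT = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="scripts.example.org"/>
  <allow-access-from domain="*.cdn.example.net"/>
</cross-domain-policy>"""
LOOSE = """<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""

META_POLICIES = {"none", "master-only", "by-content-type", "by-ftp-filename", "all"}

def parse_policy(xml_text):
    """Return (meta_policy or None, list of allowed domain patterns)."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    sc = root.find("site-control")
    meta = sc.get("permitted-cross-domain-policies") if sc is not None else None
    domains = [e.get("domain", "").strip().lower()
               for e in root.findall("allow-access-from")]
    return meta, domains

def origin_allowed(host, domains):
    """Simplified matching (assumption): '*', '*.suffix', or exact host name."""
    host = host.lower()
    for pat in domains:
        if pat == "*" or pat == host:
            return True
        if pat.startswith("*.") and host.endswith(pat[1:]):
            return True
    return False

def audit(xml_text):
    """List findings a reviewer would raise about a policy file."""
    meta, domains = parse_policy(xml_text)
    findings = []
    if meta is None:
        findings.append("no site-control meta-policy declared")
    elif meta not in META_POLICIES:
        findings.append("unknown meta-policy: " + meta)
    elif meta == "all":
        findings.append("meta-policy 'all' permits any policy file on the host")
    if "*" in domains:
        findings.append("allow-access-from '*' grants access to every origin")
    return findings
```
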