- From: Bjartur Thorlacius <svartman95@gmail.com>
- Date: Sun, 17 Jul 2011 19:41:08 +0000
On Fri 15 Jul 2011 18:39, Jonas Sicking wrote:
> 2011/7/14 Ian Fette (????????)<ifette at google.com>:
> One concern which was brought up was the ability to cause the user to
> download a file from a third party site. I.e. this would allow
> evil.com to trick the user into downloading an email from the user's
> webmail, or download a page from their bank which contains all their
> banking information. It might be easier to then trick the user into
> re-uploading the saved file to evil.com since from a user's
> perspective, it looked like the file came from evil.com
>

Would it not be possible to send an unauthenticated request for the file, if it's of different origin?

Received on Sunday, 17 July 2011 12:41:08 UTC