Le quintidi 5 pluviôse, an CCXXIV, Andreas Cadhalpun a écrit : > No. It would have prevented the issue with hls.
Reacting to known attacks by ad-hoc hole-plugging is no way of building proper security. > But it's usually only used with local files. I do not know that. Do you? > Why not? Because remote files can be more sensitive than local ones. Because some environment may download files, turning remote to local. > How? I do not know, but you can assume that someone knows and is selling that information to the highest bidder. We know that playlists can be abused to leak information. Reimar was warning about it years ago. People implemented them nonetheless, and guess what, it did cause information leak. Now, your reaction is among the lines "the burglar left a footprint in front of that window, let us wall it". I say no, walling is overkill, and walling only that particular window is useless. We need to properly lock all the windows. Regards, -- Nicolas George
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
