[Greasemonkey] GM_xmlhttpRequest and localhost

Jun Yang jyang825 at gmail.com
Tue Jul 19 12:46:02 EDT 2005


I think the access to http://localhost is important for many wonderful 
possibilities. However, security concerns are also real. Can we plese do 
this? Some configuration is provided for user to allow only GM scripts from 
certainly sites to access http://localhost?

Jun

On 7/19/05, Edward Lee <edilee at gmail.com> wrote:
> 
> I believe the security issue is that *other* people would also
> possibly have access to your localhost which you might have intended
> to only be for yourself. If someone finds another way to take over
> GM_xmlhttprequest, they could put it on some public website and access
> your private localhost pages.
> 
> I have pages running on localhost, but they're also accessible by my
> IP. Others have localhost set up only to let that computer access. A
> hijacked greaesmonkey would act like the user accessing from the local
> computer, but the control is actually from outside.
> 
> --
> Ed
> _______________________________________________
> Greasemonkey mailing list
> Greasemonkey at mozdev.org
> http://mozdev.org/mailman/listinfo/greasemonkey
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mozdev.org/pipermail/greasemonkey/attachments/20050719/d9a6cb7e/attachment.htm


More information about the Greasemonkey mailing list