I think the access to <a href="http://localhost">http://localhost</a> is important for many wonderful
possibilities. However, security concerns are also real.
Can we plese do this? Some configuration is provided for user to
allow only GM scripts from certainly sites to access <a href="http://localhost">http://localhost</a>?<br>
Jun<br><br><div><span class="gmail_quote">On 7/19/05, <b class="gmail_sendername">Edward Lee</b> <<a href="mailto:firstname.lastname@example.org">email@example.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I believe the security issue is that *other* people would also<br>possibly have access to your localhost which you might have intended<br>to only be for yourself. If someone finds another way to take over<br>GM_xmlhttprequest, they could put it on some public website and access
<br>your private localhost pages.<br><br>I have pages running on localhost, but they're also accessible by my<br>IP. Others have localhost set up only to let that computer access. A<br>hijacked greaesmonkey would act like the user accessing from the local
<br>computer, but the control is actually from outside.<br><br>--<br>Ed<br>_______________________________________________<br>Greasemonkey mailing list<br><a href="mailto:Greasemonkey@mozdev.org">Greasemonkey@mozdev.org</a>