On Sep 30, 2008, at 10:08 AM, Moritz Onken wrote: > "attackers can use POST" > > This is possible due to the fact that flash movies can send any > request to a server. > You can achieve this even with a XMLHTTPRequest. If scripting is involved that makes it a XSS attack instead, though. No? -Ashley