Couldn't agree more with Dean here, lock that thing up.

http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html
This is a good ref on the topic.

Also, I'd get Service Capture and verify that your SWF is indeed loading the 
proper crossdomain.xml file as well as other traffic.

Douglas Knudsen
[email protected]



On Mar 25, 2010, at 11:41 AM, Dean H. Saxe wrote:

> FYI, opening up the cross domain policy to all sites is
> doubleplusungood.  (Sorry for the 1984 reference!)  Lock it down to
> the specific sites which need cross domain access, no more.
> 
> -dhs
> 
> --
> Dean H. Saxe
> "A true conservationist is a person who knows that the world is not
> given by his fathers, but borrowed from his children."  -- John James
> Audubon
> 
> 
> 
> On Thu, Mar 25, 2010 at 7:39 AM, Robert Lash <[email protected]> wrote:
>> Have you tested this with one domain or a static domain address?
>> You might want to try that first to isolate the issues.
>> 
>> I actually never got a crossdomain policy to work with the "*" all settings
>> but was successful with static domain names.
>> Robert Lash
>> 
>> 
>> On Wed, Mar 24, 2010 at 4:05 PM, Dawn Hoagland <[email protected]>
>> wrote:
>>> 
>>> Background:
>>> We are running ColdFusion8 in a multi-server configuration under IIS.  We
>>> have an application where we are attempting to allow our customer access
>>> through a proxy server.  The domain of our internal server (for discussion
>>> sake) is dev.company1.org.  The domain they are coming from is
>>> test.company2.com.
>>> 
>>> We receive the following error:
>>> Channel.Security.Error error Error #2048: Security sandbox violation:
>>> https://test.company2.com/system/app/bin/index.swf cannot load data from
>>> https://dev.company1.org/flex2gateway/. url:
>>> 'https://dev.company1.org/flex2gateway/'
>>> 
>>> All of my searches point to needing to add a crossdomain.xml policy file.
>>> I've created one (see below) that should allow any connection and placed it
>>> at the web root.
>>> 
>>> Am I missing something completely?
>>> 
>>> ----- begin crossdomain.xml -----
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <!DOCTYPE cross-domain-policy SYSTEM
>>> "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
>>> <cross-domain-policy>
>>>     <allow-access-from domain="*" secure="false" />
>>>     <allow-http-request-headers-from domain="*" headers="*" secure="false"
>>> />
>>> </cross-domain-policy>
>>> ---- end crossdomain.xml ---
>>> 
>>> Thanks!
>>> 
>>> Dawn
>> 
>> 
> 
> 
> -------------------------------------------------------------
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
> 
> For more info, see http://www.acfug.org/mailinglists
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by http://www.fusionlink.com
> -------------------------------------------------------------
> 
> 
> 
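
An added example, not part of the original thread: a small audit of a crossdomain.xml file that flags the settings Dean and Douglas warn about, run over the policy as posted and over a constructed locked-down variant. The function name `audit_policy`, the `LOCKED` policy and its `SOAPAction` header value are assumptions made for illustration; `test.company2.com` is the placeholder domain from the original question.

```python
import xml.etree.ElementTree as ET

# Policy as posted in the thread (open to every site).
POSTED = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <allow-access-from domain="*" secure="false" />
    <allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>"""

# Constructed variant limited to the one site that needs access.
# The header name is an illustrative value, not taken from the thread.
LOCKED = b"""<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
    <allow-access-from domain="test.company2.com" secure="true" />
    <allow-http-request-headers-from domain="test.company2.com"
        headers="SOAPAction" secure="true" />
</cross-domain-policy>"""

RULES = ("allow-access-from", "allow-http-request-headers-from")


def audit_policy(xml_bytes):
    """Return (element, attribute, value, reason) for each risky setting."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    findings = []
    for el in root:
        if el.tag not in RULES:
            continue
        domain = el.get("domain", "")
        if domain == "*":
            findings.append((el.tag, "domain", domain, "any site is allowed"))
        elif domain.startswith("*."):
            findings.append((el.tag, "domain", domain, "all subdomains allowed"))
        # secure defaults to true; false admits SWFs that were served over HTTP
        if el.get("secure", "true").lower() == "false":
            findings.append((el.tag, "secure", "false", "HTTP-served SWF allowed"))
        if el.tag == RULES[1] and el.get("headers") == "*":
            findings.append((el.tag, "headers", "*", "any request header allowed"))
    return findings


if __name__ == "__main__":
    for name, policy in (("posted", POSTED), ("locked", LOCKED)):
        print(name, audit_policy(policy) or "no findings")
```

This checks only the contents of a policy file; confirming which file the player actually requested and received still takes a traffic capture, as suggested above.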
