It's very easy for legitimate sites to get around this limitation by using a
crossdomain.xml file.  That lets you set up more complex rules (such as only
allowing www subdomains or just *.yourdomain.com and *.yourotherdomain.com)
to make your sandbox even bigger.  You don't even have to modify the
original file to make it fit.

It makes the default security tighter, while giving you more flexibility if
you need it.

--
~Trout
http://www.amongtrout.com

On 1/26/06, Rich Rodecker <[EMAIL PROTECTED]> wrote:
>
> I believe that's been around since Flash 7...can't load data from different
> subdomains.  I wish they could have excluded www. from counting as a
> different subdomain, but this is one case where I really don't mind the
> extra security, it's kind of needed if Flash is going to be taken seriously
> by the corporate world.
>
> On 1/26/06, David Rorex <[EMAIL PROTECTED]> wrote:
> >
> > possible security upside:
> >
> > hacker.freedns.com can't make calls to randomguy.freedns.com ? (where
> > freedns.com is a site that lets users buy / get free subdomains)
> >
> > -David R
> >
> > On 1/26/06, clark slater <[EMAIL PROTECTED]> wrote:
> > >
> > > I was totally *disgusted* to find out that our site was failing to make
> > > remoting calls when loaded via http://bayinteractive.com instead of
> > > http://www.bayinteractive.com
> > >
> > > Sure enough FP8 security sandbox at work, because the remoting calls were
> > > using an absolute path to the gateway instead of a relative path (to make
> > > debugging possible from the IDE). I expected the security model would
> > > determine the two addresses as being from the *same* domain and therefore
> > > allow calls. But it classes the two as separate domains.
> > >
> > > How utterly frustrating is that? So watch out and keep all your remoting
> > > calls and loadmovies relative or you too will fall into this cunning Adobe
> > > security trap.
> > >
> > > If anyone can explain the upside of this particular behaviour in security
> > > terms I'd love to hear it.
> > >
> > > Clark
> > > _______________________________________________
> > > Flashcoders mailing list
> > > [email protected]
> > > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
> > >
> >
>
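The exact-host rule and the crossdomain.xml opt-in discussed in this thread, as an added example that is not code from any poster: a simplified Python model of the check. The function names and the sample policy are constructed for illustration; it assumes a `*.` wildcard covers subdomains only (so the bare domain is listed separately) and ignores protocol, port and the `secure` attribute.

```python
import xml.etree.ElementTree as ET

# Constructed policy, as it might be served from
# http://www.bayinteractive.com/crossdomain.xml (the gateway host).
POLICY = """<cross-domain-policy>
  <allow-access-from domain="bayinteractive.com" />
  <allow-access-from domain="*.bayinteractive.com" />
</cross-domain-policy>"""


def allowed_patterns(policy_xml):
    """Return the domain patterns granted access by a policy file."""
    root = ET.fromstring(policy_xml)
    return [e.get("domain", "").lower() for e in root.iter("allow-access-from")]


def pattern_matches(pattern, host):
    """Match one allow-access-from pattern against the SWF's host."""
    host = host.lower()
    if pattern == "*":
        return True  # any site at all: the setting to avoid on shared hosts
    if pattern.startswith("*."):
        # Keep the leading dot so "evilbayinteractive.com" cannot match.
        return host.endswith(pattern[1:])
    return host == pattern


def may_load(swf_host, data_host, policy_xml=None):
    """Decide whether a SWF served from swf_host may load from data_host."""
    if swf_host.lower() == data_host.lower():
        return True  # same exact host: allowed by the default sandbox
    if policy_xml is None:
        return False  # different host and no policy file: blocked
    return any(pattern_matches(p, swf_host) for p in allowed_patterns(policy_xml))


if __name__ == "__main__":
    # The failure from the original post: no www vs. www, no policy file.
    print(may_load("bayinteractive.com", "www.bayinteractive.com"))
    # Same request once the gateway host publishes the policy above.
    print(may_load("bayinteractive.com", "www.bayinteractive.com", POLICY))
    # The shared-hosting case: sibling subdomains stay isolated by default.
    print(may_load("hacker.freedns.com", "randomguy.freedns.com"))
```

Listing specific domains keeps the isolation between unrelated subdomains; a bare `*` pattern gives it up for every site.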