|
John,
It would be nice to collect the
use cases - it seems to me that current model greatly undermines 3rd party SOA
offerings that are not "tuned" for flash player. May be limiting crossdomain to
intranet/local zone is one way to solve the issue Eric and myself ( and I
am sure quite a few others) are facing. It's just seems that there is big
distinction between Internet and intranet use cases - ind you can not put user
or system administrator in charge of the decision making process.
Sincerely,
Anatole Tartakovsky
----- Original Message -----
Sent: Tuesday, February 14, 2006 2:53
PM
Subject: Re: [flexcoders] Benefits of
Flash Security Model and crossdomain.xml
Eric Raymond wrote:
> My main question is who is this
model intended to protect?
Other folks had good info... another way
I've seen to get the idea
across is that this "same domain" sandboxing is
a necessity because the
clientside Macromedia Flash Player can execute
behind a firewall, so
arbitrary servers behind that same firewall must not
be invisibly tapped.
But you raise a larger issue here, in that this
objection/query comes up
about every two weeks on this list and in other
discussions talking
about Player mechanics. I see that the top link for
search term "why
crossdomain.xml" shows a Macromedia technote which
explains "why" as
"because of security reasons"... maybe we need to do a
better job of
getting the actual understandable rationale inside each
document which
discusses the issue, to put the subsequent details in
context? Your
thoughts...?
jd
--
John
Dowdell . Adobe Developer Support . San Francisco CA USA
Weblog: http://weblogs.macromedia.com/jd
Aggregator:
http://weblogs.macromedia.com/mxna
Technotes:
http://www.macromedia.com/support/
Spam
killed my private email -- public record is best, thanks.
--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com
SPONSORED LINKS
YAHOO! GROUPS LINKS
|
