[flexcoders] Re: feature or security hole on flash sandBox?

[ben.clinkinbeard]

There are no restrictions when running the file on your local system.
Access it through a web server and your calls will fail.

HTH,
Ben
http://www.returnundefined.com/

--- In flexcoders@yahoogroups.com, "Xavi Beumala" <[EMAIL PROTECTED]> wrote:
>
> Hi,
> 
> Today I've noticed that I can load images from diferent domains (which
> doesn't have a crossdomain file) without getting a security sandbox
> violation error.
> 
> For example, when running the following application from my
fileSystem I'm
> not receiving any error eventhough the domains don't have de crossdomain
> file (I also haven't trusted the file).
> 
> <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml";
layout="vertical">
>     <mx:Image source="http://www.code4net.com/header/foto2.jpg";
width="800"
> height="160"/>
>     <mx:Image source="
> http://us.i1.yimg.com/us.yimg.com/i/mntl/hlth/06q2/img_diet.jpg";
width="800"
> height="160"/>
> </mx:Application>
> 
> So is this a new feature on the player or is it a security hole?
> 
> I've been reading the document at www.adobe.com/devnet/*flash*player/
> articles/*flash*_player_8_*security*.pdf and the most accurate thing
I've
> found refering to images is: "A SWF file from a.com may read from
the server
> at b.com (using the ActionScript XML.load() method, for example) if
> b.comhas a cross-domain policy file that permits access from
> a.com (or from all domains)." So if the criteria for loading
external images
> is the same as for .swf...
> 
> Any ideas?
> 
> Best
> X.
>






--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/flexcoders/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/