Hi, In general the Flash security sandbox does help address this issue in Flash/Flex applications. The crossdomain.xml on a server would prevent AS code from one domain from inspecting what's going on in another domain unless the SWF has explicilty allowed that access to take place. Adobe has a ton of security information about all of our products here: http://www.adobe.com/security/ For Flex specifically you will most likely be interested in the security section for the Flash Player: http://www.adobe.com/products/flashplayer/security/ Matt ________________________________
From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of supertodda Sent: Tuesday, April 03, 2007 6:20 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Flex Security Best Practices Hello, Are there any high level flex developers out there who have a response to this article on Ajax security with regards to flex? AJAX Apps Ripe Targets for JavaScript Hijacking http://www.eweek.com/article2/0,1895,2110554,00.asp <http://www.eweek.com/article2/0,1895,2110554,00.asp> Is Flex vulnerable to such types of attacks? Is there a Flex Security consortium, similar to the PHP security consortium that gives best practices regarding secure code and data requests? Thanks.