Say there is a site which has a crossdomain.xml defined: http://www.foo.com/crossdomain.xml
with <allow-access-from domain="*.foo.com"/> If I were to load an SWF file on my internal webserver and create a local host file which contained an entry for fake.foo.com could I then load the SWF file from fake.foo.com and access data on www.foo.com? If this is the case, then it seems to me that crossdomain.xml is really just something to make people feel warm and fuzzy... and not at all a real security measure. Thanks, Geoff
