Isn't it like running a standalone SWF which can access the network and local data (provided you have the right trust config)? Why run an internal server and create a host entry? An SWF in AIR/Standalone can access data from foo.com.
Can you put (give an example) this use-case in the context of the internet (public)?

-abdul

On 10/26/07, geoffreymina <[EMAIL PROTECTED]> wrote:
>
> Say there is a site which has a crossdomain.xml defined:
>
> http://www.foo.com/crossdomain.xml
>
> with
>
> <allow-access-from domain="*.foo.com"/>
>
> If I were to load an SWF file on my internal webserver and create a
> local host file which contained an entry for fake.foo.com could I then
> load the SWF file from fake.foo.com and access data on www.foo.com?
>
> If this is the case, then it seems to me that crossdomain.xml is really
> just something to make people feel warm and fuzzy... and not at all a
> real security measure.
>
> Thanks,
> Geoff

--
-abdul
---------------------------------------
http://abdulqabiz.com/blog/
---------------------------------------

