--- In [email protected], "nathanpdaniel" <[EMAIL PROTECTED]> wrote:
>
> > In my experience, Flex Builder "Debug" swfs have the same are
> subject
> > to the same crossdomain access restrictions that production swfs
> have.
> >
> > I'm a bit suspicious of the claim that this is not the case.
>
> I think what is being said (if I'm understanding correctly) - running
> FB3 to load external XML (RSS, APIs, etc) - the security does not
> exist - crossdomain policy files are not required when running a SWF
> through FB3. However, when you deploy to "production", crossdomain
> policy files ARE required.
> That being said - I think the issue lies with - why when we run
> test in development no security is required, but then to run the same
> application from a "production" site (running the swf in anything
> other than FB3 test). I (or anyone) may develope a fully functional
> site in FB3, thinking every thing is "hunky dory", then move the SWF
> to production and "crash" - no crossdomain.xml file... then, as a
> developer I have to either 1) contact the publisher of the RSS, API,
> etc I'm trying to load, and ask them to kindly put up a
> crossdomain.xml policy file - which isn't likely to happen... or 2)
> Redevelop how my application loads data (no small thing).
> It kinda sucks I have to develop around an issue that doesn't exist
> in development but does in production. I understand the security
> concerns, but I think it's more on the side of - if I can do it in
> dev, why can't I do it in production? It'd be nice to at least be
> able to tell FB3 the app I'm developing will be loading from a site I
> have no control over which may or maynot have a crossdomain policy
> file...
>
> (ching, ching - my 2 cents)...
>
This is exactly right. I would take it a step further though. If I can
get to it with just a browser, then why is it that security is such
that I cannot get to it without a crossdomain.xml file that authorizes
it. Where is the security hole, if I can just browse to it with
Firefox, I.E, Safari, or Opera?
