Hi Aral, > I've never fully understood the need for the crossdomain policy file. I > think it was Sho who tried to explain it to me in a very technical > manner but either I'm really thick (definite possibility) or I just > don't get the value of something where you essentially need to disable > the security via a crossdomain.xml file to get something like web > services to work without the need of a proxy.
One of the needs is to prevent malicious developers to use the Flash Player to do DoS attack (http://en.wikipedia.org/wiki/Denial-of-service_attack) on a server. For exemple, I put an SWF on a big portal, when the SWF is loaded, he does 1000 request on osflash.org. So every visitor of the portal will flood the osflash.org server without knowing it. And we can't stop anything like this except with a strong security model. Yes, you're right, we can flood the server anyway with any other tools, but the Flash Player would have a bad reputation if it was possible. Cheers, Nicolas _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
