Nicolas Désy wrote:
> Hi Aral,
> 
> 
>>I've never fully understood the need for the crossdomain policy file. I
>>think it was Sho who tried to explain it to me in a very technical
>>manner but either I'm really thick (definite possibility) or I just
>>don't get the value of something where you essentially need to disable
>>the security via a crossdomain.xml file to get something like web
>>services to work without the need of a proxy.
> 
> 
> One of the needs is to prevent malicious developers from using the Flash Player 
> to do a DoS attack (http://en.wikipedia.org/wiki/Denial-of-service_attack) on 
> a server.  For example, I put an SWF on a big portal; when the SWF is 
> loaded, it does 1000 requests on osflash.org.  So every visitor of the portal 
> will flood the osflash.org server without knowing it.  And we can't stop 
> anything like this except with a strong security model.  Yes, you're right, 
> we can flood the server anyway with any other tools, but the Flash Player 
> would have a bad reputation if it was possible.
> 
> Cheers,
> Nicolas 

You could just as well put 1000 links to a picture of 
Aral-wearing-a-dress-at-Spark (osflash internal joke) with a size of 0x0 
in an HTML page; that would make as many requests on the OSFlash Wiki. "So 
every visitor of the portal will flood the osflash.org server without 
knowing it."

HTML doesn't have such a bad reputation. Well, it HAS, but for other 
reasons :)

Nicolas too

_______________________________________________
osflash mailing list
osflash@osflash.org
http://osflash.org/mailman/listinfo/osflash_osflash.org