Hi guys, Sorry for the dumb questions, haven't had a chance to read that crossdomain article in detail yet. How exactly does it pose a security risk, in my understanding any server side code can do what what Flash does without any sandbox restrictions or am I wrong?
I've always assumed crossdomain policy files aren't an impenetrable fortress but does it open any additional security risks over any other technologies? Thanks! Peter Geoff Stearns wrote: > the real lesson to learn here is simple: > > never create a crossdomain.xml that allows any site to connect to > yours. no asterisks! > > if you absolutely have to do it, put it on a separate domain that > can't be used to access other normal site operations. > _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
