Crossdomain.xml What is the point?

I find it difficult to understand why crossdomain.xml is a useful function. It seems to me it seems ahead. Why restrict Flash (by default) from reading from public services?

What is the point of preventing DDoS attacks from people downloading malware?

It does not seem to protect Flash users from third-party websites, and if it can be bypassed with a proxy server, it seems that all this is pointless.

+4
3 answers

Flash files run on a user's computer in a trusted environment. Without crossdomain files, an SWF can guess the internal services, something behind the firewall that the user has access to but the SWF should not. This is a serious security risk. While there are other reasons for the policy, this is by far the most important reason. So you are right, it is annoying to need it to access a public API, but that is better than an SWF accessing a private API (imagine directory services) just because the content runs on your computer.

+2

Crossdomain policy files can provide secure data from internal servers and servers that require authentication. More details:
http://www.jamesward.com/2009/11/08/how-bad-crossdomain-policies-expose-protected-data-to-malicious-applications/

+2

I just thought about it. Honestly, it was not in my head when I started asking a question.

Perhaps this is protection for the developer of the Flash file, assuming that someone did not have the technical knowledge to decompile a Flash file and its data requests, where they are hardcoded. Taking this Flash file from a public web server and placing it on your own web server effectively makes the Flash file ineffective.

If so, all requests made by the Flash file should use fully qualified requests, that is, not relative queries.

I don’t know what they thought or not.

-1
