1 Reply Latest reply on Dec 16, 2009 8:25 AM by msakrejda

    how is it possible that crossdomains.xml is still valid in flex 4?

    angeli106

      Ok, before I begin I want to tell you that I'm really not the aggressive type, but this crossdomains.xml is really taking me out of my element...

      What kind of wicked mind figured out to use the crossdomains.xml? Other than tightly coupling every backend to Flex, it is also not really understandable where the hell you're supposed to put this file. Isn't it the backend's responsibility to handle security by itself?

      Practically everyone I know using Flex is basically forced to open some sort of server on his local host and use it as a proxy to get their Flex application to talk to remote services. Does it actually seem reasonable to anyone? Will Adobe PLEASE remove this very unneeded and frustrating constraint?

        • 1. Re: how is it possible that crossdomains.xml is still valid in flex 4?
          msakrejda Level 4

          The crossdomain security policy stuff is annoying, but it's there to prevent this sort of scenario:

           

          Joe Blackhat writes a Flash game about Bob the Goldfish. Joe Blackhat decides that a fun thing to do might be to write an SMTP client in ActionScript so that fans of Bob the Goldfish could unknowingly send spam while they play. Bob the Goldfish game goes viral. Everyone is playing it and spam volume bajillion-duples. Spam kills the internet. The End.

           

          This is facetious and contrived, but without crossdomain security policies, the internet would be a much more dangerous place. JavaScript has even more restrictive crossdomain policies. I don't think this is going away.
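
An added example, not written by either poster: a short Python audit of the policy file this thread is about, which the remote server (not the Flex application) publishes, conventionally at its site root as `/crossdomain.xml`. Both sample policies and the `audit_policy` helper are constructed for illustration; the element and attribute names are the ones defined by the Flash cross-domain policy format.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from the thread).
PERMISSIVE = """<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

RESTRICTIVE = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="app.example.com" secure="true"/>
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return a list of findings for one crossdomain.xml document."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return ["root element is not <cross-domain-policy>"]
    findings = []
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        if domain == "*":
            # Any SWF, hosted anywhere, may read this server's responses.
            findings.append("allow-access-from: every domain is trusted")
        elif domain.startswith("*."):
            findings.append(f"allow-access-from: all subdomains of {domain[2:]}")
        # secure defaults to true; false lets HTTP-served SWFs read HTTPS data.
        if el.get("secure", "true").lower() == "false":
            findings.append(f"allow-access-from {domain}: secure=false")
    for el in root.iter("allow-http-request-headers-from"):
        if el.get("domain") == "*" and el.get("headers") == "*":
            findings.append("allow-http-request-headers-from: any header, any domain")
    site = root.find("site-control")
    if site is not None and site.get("permitted-cross-domain-policies") == "all":
        # Policy files anywhere on the host are honoured, not just the master.
        findings.append("site-control: permitted-cross-domain-policies=all")
    return findings


if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE), ("restrictive", RESTRICTIVE)):
        print(name, audit_policy(text) or "no findings")
```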