I have been looking all over for an answer to this,
Is it possible to prevent xml data on a secondary server from being send to my swf? It seems that if the attacking server has a crossdomain.xml file in place their data can easily be sent to my site by appending the url to overwrite the xml variable we have declared.
For instance, if my site is at a.com and the attacking xml (and crossdomain.xml) live on b.com the attacker could just append a.com to read a.com?xmlfile=http://b.com/maliciousscript.xml. My company is affraid that someone may send in their own xml to overwrite the xml we are using here.
this make any sense to anyone, im suprised it is so hard to get a solution ot this.
How is that url going to impact the swf on your web page/site? How does your swf file target the xml file?