3 Replies Latest reply on Oct 31, 2010 5:00 PM by kglad

    preventing remote url file reads in Flash

    bingtamers

      We have a Flash application provided by a vendor. It reads its parameters from an xml file on our web server's file system. However, it can also be spoofed to read its parameters from an xml file sitting on another domain's web server. At first we thought crossdomain.xml might be able to fix this, but we've researched it and understand the purpose of crossdomain.xml. It won't solve this issue.

       

      Are there any ways of enforcing that a Flash application reads its input file only from the same server where the Flash application was served? Or is the recommendation just to initialize variables within the Flash app, not relying on an external file.

       

      Thanks for your help with this.