Still, I agree with John, on the XML part. If everybody and everything can read an XML on a random server, why can't Flash, it doesn't make any sense.
On Tue, Mar 31, 2009 at 5:33 PM, Muzak <p.ginnebe...@telenet.be> wrote: > And, I've also discovered that Flex is more forgiving. I can pull in >> content from another domain without said crossdomain.xml by using a >> HTTPService component. >> > > That's not correct. > Doesn't matter if it's Flex or Flash. It's the Flash Player that enforces > security, not the tool that created the swf. > Different rules apply to different swf versions, so if Flex compiles to fp9 > and Flash CS4 compiles to fp10, you may see different results. > Even minor revisions may show different results (e.g. 9.0.45 vs 9.0.124). > > But why on earth is that so? I mean, the same file can easily be read by >> an ordinary browser!? What on earth could i concoct with my devious, >> malignant Flash application with the same file? >> > > Well, it's not about what your intensions are, they may be all good, > but not everyone has those same good intensions :) > > Think about banner ads that are displayed *wherever*. > Do you really want those to be able to read/load/execute anything they feel > like from your site/server? > > There's quite alot of info on the Adobe site regarding security: > http://www.adobe.com/devnet/flashplayer/security.html > http://www.adobe.com/devnet/security/ > http://www.adobe.com/products/flashplayer/security/ > > regards, > Muzak > > ----- Original Message ----- From: "Johan Nyberg" < > johan.nyb...@webguidepartner.com> > To: <flashcoders@chattyfig.figleaf.com> > Sent: Tuesday, March 31, 2009 2:17 PM > Subject: [Flashcoders] Cross-domain policy - why is Flex more forgiving > thanFlash? > > > I'm getting tired of Flash's unforgiving cross-domain policy. Why can't I >> read an xml-feed, content produced by a php file or a simple text file >> without Flash wagging that finger in my face saying "No, no, you can't, not >> without that site allowing your site access in the crossdomain.xml". >> >> But why on earth is that so? I mean, the same file can easily be read by >> an ordinary browser!? What on earth could i concoct with my devious, >> malignant Flash application with the same file? >> >> And, I've also discovered that Flex is more forgiving. I can pull in >> content from another domain without said crossdomain.xml by using a >> HTTPService component. >> >> I would greatly appreciate if anyone could shed some light on this. And, >> if anyone can point out if I'm doing anything wrong here. >> >> But please don't tell me to get my domain name into that other servers >> cross-domain policy file. There are many situations where this is not >> possible, and where it would still be legitimate to read content from that >> site. >> >> And, as I said before, the browser doesn't need that permission. Nor does >> Flex, apparently. >> >> Regards, >> >> -- >> Johan Nyberg >> >> Web Guide Partner >> > > _______________________________________________ > Flashcoders mailing list > Flashcoders@chattyfig.figleaf.com > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > -- M.A. van't Kruis http://www.malatze.nl/ _______________________________________________ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
