I happen to have done a really cool picture browser that took the pics and data from picasa googles website RSS data, when i completely finished it, DANG, stops working on my server cause of security reasons.
1st i agree it should not work on local as well, i threw months of work!!! :O 2nd, i cannot read an RSS cause of security reasons?? wait...RSS were not intended for being used in our apps? those RSS icons there, are not there for us to work with them??? Finally, if i ever have to get data from outside, and i'm considering doing a RSS reader, and other stuff...i will just get the data to flash though a small PHP script. but that "security" thing really sucks...(T__T) En/na Baz ha escrit: > > > I know this is an old thread but you can't just browse to it - a > browser only displays html, but that html comes from a server at some > point - i.e. a proxy. The same goes for ajax. The reason that they > don't post a crossdomain.xml is because that would make developers put > their secret key inside the flex app which can easily be decompiled > and compromised. > > Still it would be nice to have a solution, without having to spin up > your own servers. > > Baz > > > On Mon, Jul 28, 2008 at 1:01 PM, George <george_sm...@tksoftware.com > <mailto:george_sm...@tksoftware.com>> wrote: > > --- In flexcoders@yahoogroups.com > <mailto:flexcoders%40yahoogroups.com>, "nathanpdaniel" > <ndan...@...> wrote: > > > > > In my experience, Flex Builder "Debug" swfs have the same are > > subject > > > to the same crossdomain access restrictions that production swfs > > have. > > > > > > I'm a bit suspicious of the claim that this is not the case. > > > > I think what is being said (if I'm understanding correctly) - > running > > FB3 to load external XML (RSS, APIs, etc) - the security does not > > exist - crossdomain policy files are not required when running a > SWF > > through FB3. However, when you deploy to "production", crossdomain > > policy files ARE required. > > That being said - I think the issue lies with - why when we run > > test in development no security is required, but then to run the > same > > application from a "production" site (running the swf in anything > > other than FB3 test). I (or anyone) may develope a fully functional > > site in FB3, thinking every thing is "hunky dory", then move the > SWF > > to production and "crash" - no crossdomain.xml file... then, as a > > developer I have to either 1) contact the publisher of the RSS, > API, > > etc I'm trying to load, and ask them to kindly put up a > > crossdomain.xml policy file - which isn't likely to happen... or 2) > > Redevelop how my application loads data (no small thing). > > It kinda sucks I have to develop around an issue that doesn't exist > > in development but does in production. I understand the security > > concerns, but I think it's more on the side of - if I can do it in > > dev, why can't I do it in production? It'd be nice to at least be > > able to tell FB3 the app I'm developing will be loading from a > site I > > have no control over which may or maynot have a crossdomain policy > > file... > > > > (ching, ching - my 2 cents)... > > > This is exactly right. I would take it a step further though. If I can > get to it with just a browser, then why is it that security is such > that I cannot get to it without a crossdomain.xml file that authorizes > it. Where is the security hole, if I can just browse to it with > Firefox, I.E, Safari, or Opera? > > >
