I think it has to do with the types of content you are loading. If I understand the issue here, if the target asset is a content asset, such as an image file, you do not need any specific permissions from the target domain to load its assets into your Flex application. If the target asset is a data asset, such as an XML file, you must have the target domain's permission to access this asset.
hth, matt horn flex docs > -----Original Message----- > From: flexcoders@yahoogroups.com > [mailto:[EMAIL PROTECTED] On Behalf Of Xavi Beumala > Sent: Thursday, July 27, 2006 9:17 AM > To: flexcoders@yahoogroups.com > Subject: Re: [flexcoders] Re: feature or security hole on > flash sandBox? > > Sorrry, > > the quotation was taken from > http://www.adobe.com/devnet/flashplayer/articles/flash_player_ > 9_security.pdf > <http://www.adobe.com/devnet/flashplayer/articles/flash_player > _9_security.pdf> not from flash player 8 specification. > > X. > > > On 7/27/06, ben.clinkinbeard <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > wrote: > > Hmm, I've not read enough about the newer security > models to be sure, > I just assumed it was that way since earlier versions > were. One thing > I did notice though was that you said you're reading > from the security > whitepaper for FP8. You should be reading about FP9 > since that is what > Flex and AS3 target. > > HTH, > Ben > http://www.returnundefined.com/ > <http://www.returnundefined.com/> > > --- In flexcoders@yahoogroups.com > <mailto:flexcoders@yahoogroups.com> , "Xavi Beumala" > <[EMAIL PROTECTED]> wrote: > > > > I think you're wrong. It's also working on web > server. And from > local system > > you've also restrictions. Just try an application > running from the local > > file system and consuming remote data throgh > HTTPService, it's going to > > fail. But it's not failing with mx:Image. > > > > X. > > > > On 7/27/06, ben.clinkinbeard <[EMAIL PROTECTED]> wrote: > > > > > > There are no restrictions when running the file on > your local system. > > > Access it through a web server and your calls will fail. > > > > > > HTH, > > > Ben > > > http://www.returnundefined.com/ > <http://www.returnundefined.com/> > > > > > > --- In flexcoders@yahoogroups.com > <mailto:flexcoders@yahoogroups.com> , "Xavi Beumala" <xavi@> wrote: > > > > > > > > Hi, > > > > > > > > Today I've noticed that I can load images from > diferent domains > (which > > > > doesn't have a crossdomain file) without getting > a security sandbox > > > > violation error. > > > > > > > > For example, when running the following > application from my > > > fileSystem I'm > > > > not receiving any error eventhough the domains > don't have de > crossdomain > > > > file (I also haven't trusted the file). > > > > > > > > <mx:Application xmlns:mx=" > http://www.adobe.com/2006/mxml <http://www.adobe.com/2006/mxml> " > > > layout="vertical"> > > > > <mx:Image source=" > http://www.code4net.com/header/foto2.jpg > <http://www.code4net.com/header/foto2.jpg> " > > > width="800" > > > > height="160"/> > > > > <mx:Image source=" > > > > > http://us.i1.yimg.com/us.yimg.com/i/mntl/hlth/06q2/img_diet.jp > g <http://us.i1.yimg.com/us.yimg.com/i/mntl/hlth/06q2/img_diet.jpg> " > > > width="800" > > > > height="160"/> > > > > </mx:Application> > > > > > > > > So is this a new feature on the player or is it a > security hole? > > > > > > > > I've been reading the document at > www.adobe.com/devnet/*flash*player/ > <http://www.adobe.com/devnet/*flash*player/> > > > > articles/*flash*_player_8_*security*.pdf and the > most accurate thing > > > I've > > > > found refering to images is: "A SWF file from > a.com may read from > > > the server > > > > at b.com (using the ActionScript XML.load() > method, for example) if > > > > b.comhas a cross-domain policy file that permits > access from > > > > a.com (or from all domains)." So if the criteria > for loading > > > external images > > > > is the same as for .swf... > > > > > > > > Any ideas? > > > > > > > > Best > > > > X. > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > Flexcoders Mailing List > > > FAQ: > http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.t > xt <http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt> > > > Search Archives: > > http://www.mail-archive.com/flexcoders%40yahoogroups.com > <http://www.mail-archive.com/flexcoders%40yahoogroups.com> > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > Flexcoders Mailing List > FAQ: > http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.t > xt <http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt> > Search Archives: > http://www.mail-archive.com/flexcoders%40yahoogroups.com > <http://www.mail-archive.com/flexcoders%40yahoogroups.com> > Yahoo! Groups Links > > <http://groups.yahoo.com/group/flexcoders/> > > <mailto:[EMAIL PROTECTED]> > > <http://docs.yahoo.com/info/terms/> > > > > > > > > > -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
