Proxy is your solution. counterfeiting a corssdomain file is inadvisable difficult and probably impossible to do on a large scale deployment. The only ways I can think do it would require great effort and would need other software to be installed on the client machine to pull it off. Plus that kind of hackery just isn't cool. Also I'm not sure anyone is really against the proxy solution, it would just be faster to go direct to the source.
Another idea if you don't want or can't do the proxy server, you could be bold and do an ajax proxy. I'm not sure how much data can be passed via the External Interface, but you certainly could pass xml back and forth that way. Given enough motivation I could come up with a working example. p --- In flexcoders@yahoogroups.com, "André Rodrigues Pena" <[EMAIL PROTECTED]> wrote: > > If people are against the proxy application.. what's the better solution? > (since I can't see how can I counterfeit a crossdomain file in a external > and not-accessible server) > > On 3/12/07, Troy Gilbert <[EMAIL PROTECTED]> wrote: > > > > Ahh, yes, but if all of your clients go through your proxy server then > > on to the eventual non-crossdomain.xml server, then that server admin sees > > that there are a huge amount of requests originating from your proxy server > > and he can throttle it as appropriate. If the requests come directly from > > the clients, then he has potentially thousands of different points of entry > > to throttle. > > > > But I do agree with your point... in general, I'd like to see Flash *at a > > minimum* have all of the read-only access that the web browser has. It > > infuriating when some AJAX code can access stuff more easily than Flash... > > that just *feels* backwards to me, and I think it ultimately hurts Flash's > > use for some cases. > > > > Troy. > > > > > > On 3/12/07, Paul DeCoursey <[EMAIL PROTECTED]> wrote: > > > > > > --- In flexcoders@yahoogroups.com <flexcoders%40yahoogroups.com>, > > > "Alex Harui" <aharui@> wrote: > > > > > > > > It doesn't provide any benefit to you, it provides benefit to the > > > server > > > > owner. Once all of your clients are hammering your server to get to > > > the > > > > proxy to the remote-server, then you have the first chokepoint for > > > > traffic instead of the remote-server owner who may or may not have > > > > intended to allow that much extra traffic. > > > > > > > > > > I understand the thinking, but if I can easily create a proxy around > > > the crossdomain file then they've lost that avenue. It's easier to > > > throttle access using firewalls or acls, which they will end up having > > > to do anyway. > > > > > > > > > > > > > > > The security rules are also intended to make sure we don't become the > > > > ultimate spyware and virus development platform. If we did, everyone > > > > would be afraid to download the player and/or run these applications. > > > > > > > > > > > > > > > > If you can find a way to spoof the crossdomain.xml from a remote > > > server, > > > > please let us know. > > > > > > > > > > I don't think I'll put any effort to finding out how to do it since I > > > don't ever plan on using crossdomain files since I already have a > > > working proxy solution. > > > > > > > > > > > > > > > -Alex > > > > > > > > > > > > > > > > > > > > > > > > > > -- > André Rodrigues Pena > > LOCUS > www.locus.com.br > > Blog > www.techbreak.org >
