If you read further up in the thread you'll see which attack that crossdomain.xml is supposed to prevent: unknowingly leaking intranet information to the internet. The proxy workaround isn't relevant to that attack.
-bob On Feb 2, 2006, at 9:59 AM, Evert | Collab wrote: > Charles is an easy program to test this. You can make custom responses > to certain http requests. For testing you can easily setup a rule that > will always return a <allow-access-from domain="*" /> at any http > request. > > I'm sure you would agree that security should always be on the server, > and not on the client. > > Evert > > Mike Chambers wrote: >> Could you please explain this with an example? Crossdomain does not >> exist to prevent DoS attacks. >> >> mike chambers >> >> [EMAIL PROTECTED] >> >> On Feb 2, 2006, at 8:17 AM, Evert | Collab wrote: >> >> >>> It's merely prevents 'the regular >>> user' from consuming other people's services, but I doesn't stop a >>> malicious user. >>> >> >> >> _______________________________________________ >> osflash mailing list >> [email protected] >> http://osflash.org/mailman/listinfo/osflash_osflash.org >> >> > > > _______________________________________________ > osflash mailing list > [email protected] > http://osflash.org/mailman/listinfo/osflash_osflash.org _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
