EC> Charles is an easy program to test this. You can make custom responses EC> to certain http requests. For testing you can easily setup a rule that EC> will always return a <allow-access-from domain="*" /> at any http request.
How will this work in the intranet related situation mentioned somewhat before and which is a good reason for cross-domain policy? It can be set working of course if you can create false HTTP responses behind the firewall, but if you can do that, you propably can do anything else, so don't need a Flash movie for the attack. Attila
_______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
