Is there a security issue when hosting crossdomain.xml on our servers?

Question

Is there a security issue when hosting crossdomain.xml on our servers?

We were asked to host a crossdomain.xml file on our servers in order to access some of the XML files that we developed. Content of this file:

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>

Everything is good?

+2

flash

gsb 25 Aug 09 at 16:23

source to share

2 answers

Branden hall · Answer 1 · 2009-08-25T16:28:39+0000

Good thing that allows any flash application from any port to load XML data from your domain.

That being said, you need to set a bunch of other data for it to be a valid cross-domain domain policy file (there are new required items added with FP9)

Here's the complete specification for cross-domain policies: http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html

You can find all the latest security best practices for cross-domain policy files (and everything else that applies to Flash Player) here: http://www.adobe.com/devnet/flashplayer/articles/flash_player10_security_wp.html

cms · Answer 2 · 2009-08-25T16:30:09+0000

This will allow you to place Flash content anywhere for loading data directly into the client from your services and can have significant security implications depending on your authentication model and setup.

Is there a security issue when hosting crossdomain.xml on our servers?

More articles: