Comments on: Death of open crossdomain.xml’s? (Flickr, Youtube,…)

By: Mrs. Weasley

Mrs. Weasley — Mon, 30 Nov 2009 00:00:00 +0000

Any news on Salesforce’s crossdomain.xml now that they have their Flex Toolkit? Seems like the toolkit should handle the communications between my app and salesforce.com, and I didn’t notice anything about using a proxy in the online code samples from Salesforce.

By: Abrupt YouTube security policy change « FLEXing My Muscle

Abrupt YouTube security policy change « FLEXing My Muscle — Tue, 30 Nov 2010 00:00:00 +0000

[...] It seems Flickr did it too… seems like Death of open crossdomain.xmls. Read the post by Renaun Erickson [...]

By: Renaun Erickson

Renaun Erickson — Tue, 30 Nov 2010 00:00:00 +0000

Not sure what you asking here… are you saying you can’t access the flickr pictures directly in Flash/Flex without a crossdomain.xml?

By: Eric cancil

Eric cancil — Tue, 30 Nov 2010 00:00:00 +0000

Ok, maybe I’m not totally grasping this. It’s fine that we can access the API without any sandbox violations, but we can’t access the actual pictures without one, doesnt this defeat the purpose?
-Eric

By: joeberkovitz.com » Abrupt YouTube security policy change

joeberkovitz.com » Abrupt YouTube security policy change — Fri, 30 Nov 2001 00:00:00 +0000

[...] Death of open crossdomain.xml’s? [...]

By: Renaun Erickson

Renaun Erickson — Thu, 30 Nov 2000 00:00:00 +0000

I agree, the documentation should not just be Adobe, but also developer documentation from each service. Granted they will not want to talk about security risks in great detail. But general security guidelines in regard to each services specific implementation would be great to see from the services themselves.

By: John Dowdell

John Dowdell — Thu, 30 Nov 2000 00:00:00 +0000

I just heard through internal email that there’s already more documentation in the pipeline for these types of issues. Probably won’t get final reviews and live push until after the holidays, though.

It still would be good if Flickr and YouTube spoke for themselves on this issue, though.

By: Crossdomain.xml revisted at Aral Balkan

Crossdomain.xml revisted at Aral Balkan — Sat, 30 Nov 2002 00:00:00 +0000

[...] This is a great summary of the security concerns regarding crossdomain.xml files. There’s been a lot of talk recently about crossdomain.xml, following John Dowdell’s post regarding the change in policy at YouTube. [...]

By: Chris Allen

Chris Allen — Sun, 30 Nov 2003 00:00:00 +0000

James, I would also like to see a more concise document on the Flash security model created. In addition, there doesn’t seem to be too much out there about the security model when using a projector. This is something that we have been struggling a bit with at my current job.

By: Evert

Evert — Sun, 30 Nov 2003 00:00:00 +0000

James,

Currently the flashplayer also accepts crossdomain policy files embedded in HTML or even GIF files.. read this:

http://www.hardened-php.net/library/poking_new_holes_with_flash_crossdomain_policy_files.html