Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Friday, August 3, 2012

What is a crossdomain.xml file?

A crossdomain.xml file is a file that is usually placed in the root folder of your webserver. It is used to allow access to your data from outside your web domain. Here we are actively giving permission for someone to "trespass".

Many web applications require access to data from a location other than the one the application files originate from. The crossdomain.xml file gives these web applications that permission.

Things that may require crossdomain.xml access:

- SWF
- Silverlight
- Flex
- Flash
- Adobe pdf reader


Example of a crossdomain.xml file:

The following example of a crossdomain.xml file allows no access at all; it is the strictest policy.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="none"/>
</cross-domain-policy>

This is a typical crossdomain.xml file. Notice that I included my domain as well as my domain without the 'www' in front.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.appshelter.com" />
<allow-access-from domain="appshelter.com" />
</cross-domain-policy>

The following code will allow all domains. This effectively eliminates any security that Flash would have otherwise had. I suggest that you don't use this example unless you enjoy security holes.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
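To make the difference between the three policies concrete, here is an added checker (example code written for this post, not part of the original post or of any Adobe tool) that parses a crossdomain.xml document, classifies it as closed, allowlist or open, and answers whether a given requesting domain would be granted access. The function names (parse_policy, domain_matches, is_allowed, classify) are my own; the three sample policies are constructed to mirror the files above, with the DOCTYPE line left out. The "*.example.com" handling is a simplification that treats a prefix wildcard as matching subdomains only.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies mirroring the three files shown in the post
# (DOCTYPE omitted so the samples stay self-contained).
POLICY_NONE = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="none"/>
</cross-domain-policy>"""

POLICY_ALLOWLIST = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="www.appshelter.com" />
  <allow-access-from domain="appshelter.com" />
</cross-domain-policy>"""

POLICY_WILDCARD = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>"""


def parse_policy(xml_text):
    """Return (site_control_value, [domain patterns]) from a crossdomain.xml document.

    The policy file is served by your own web server, so plain ElementTree is
    acceptable here; for policies fetched from untrusted hosts use defusedxml.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain-policy document")
    site_control = None
    sc = root.find("site-control")
    if sc is not None:
        site_control = sc.get("permitted-cross-domain-policies")
    domains = [el.get("domain", "") for el in root.findall("allow-access-from")]
    return site_control, domains


def domain_matches(pattern, requester):
    """Match one allow-access-from pattern against a requesting host name.

    '*' matches everything; '*.suffix' matches hosts ending in '.suffix'
    (simplification: the bare suffix itself is not matched); anything else
    must match exactly. Comparison is case-insensitive, as host names are.
    """
    pattern = pattern.lower()
    requester = requester.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return requester.endswith(pattern[1:])
    return pattern == requester


def is_allowed(xml_text, requester):
    """Would a SWF (or other policy-file client) served from `requester` get access?"""
    site_control, domains = parse_policy(xml_text)
    if site_control == "none":
        # site-control "none" forbids all policy files for this domain,
        # so allow-access-from entries are irrelevant.
        return False
    return any(domain_matches(p, requester) for p in domains)


def classify(xml_text):
    """Label a policy: 'closed' (no access), 'allowlist' (named domains) or 'open' (wildcard '*')."""
    site_control, domains = parse_policy(xml_text)
    if site_control == "none" or not domains:
        return "closed"
    if "*" in domains:
        return "open"
    return "allowlist"


if __name__ == "__main__":
    for name, policy in (("none", POLICY_NONE),
                         ("allowlist", POLICY_ALLOWLIST),
                         ("wildcard", POLICY_WILDCARD)):
        print(name, "->", classify(policy),
              "| appshelter.com allowed:", is_allowed(policy, "appshelter.com"),
              "| other.example allowed:", is_allowed(policy, "other.example"))
```

Running the script prints one line per sample policy; the wildcard policy reports "open" and grants access to every requester, which is exactly the property the last example above warns against. Pointing parse_policy at the live file on your own server is a quick way to audit what you are actually publishing.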
