A crossdomain.xml file is a file that is usually placed in the root folder of your web server. It is used to allow access to your data from outside your web domain. Here we are actively giving permission for someone to "trespass".
Many web applications require access to data from a location other than where the application files originate. The crossdomain.xml file gives these web applications permission.
Things that may require crossdomain.xml access:
- SWF
- Silverlight
- Flex
- Flash
- Adobe PDF reader
Example of a crossdomain.xml file:
The following example of a crossdomain file allows no access; it is the strictest policy.
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="none"/>
</cross-domain-policy>
This is a typical crossdomain.xml file. Notice that I included my domain as well as my domain without the 'www' in front.
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.appshelter.com" />
<allow-access-from domain="appshelter.com" />
</cross-domain-policy>
The following code will allow all domains. This effectively eliminates any security that Flash would have otherwise had. I suggest that you don't use this example unless you enjoy security holes.
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
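To check which of these three situations a deployed policy is in, the following added example (not part of the original post) parses a crossdomain.xml document and rates each grant. It goes slightly beyond the examples above by also flagging `*.` subdomain wildcards and the `secure="false"` attribute; the function names, severity labels and the `example.com` sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SEVERITY = {"INFO": 0, "MEDIUM": 1, "HIGH": 2}

def audit_policy(xml_text):
    """Return (severity, message) findings for one crossdomain.xml document."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("root element is not <cross-domain-policy>")
    findings = []
    site = root.find("site-control")
    if site is not None:
        meta = site.get("permitted-cross-domain-policies", "")
        findings.append(("INFO", f"site-control meta-policy is '{meta}'"))
    rules = root.findall("allow-access-from")
    if not rules:
        findings.append(("INFO", "no allow-access-from rules: nothing is granted"))
    for rule in rules:
        domain = (rule.get("domain") or "").strip()
        if domain == "*":
            findings.append(("HIGH", "domain='*' lets content from any site read responses"))
        elif domain.startswith("*."):
            findings.append(("MEDIUM", f"every subdomain of {domain[2:]} is trusted"))
        else:
            findings.append(("INFO", f"explicit grant to {domain}"))
        # secure="false" lets content loaded over HTTP read from an HTTPS site
        if rule.get("secure", "true").lower() == "false":
            findings.append(("MEDIUM", f"secure='false' on grant to {domain}"))
    return findings

def worst(findings):
    """Highest severity present in a findings list."""
    return max((sev for sev, _ in findings), key=SEVERITY.__getitem__)

# Sample policies: the three from this page plus one constructed variant.
WRAP = '<?xml version="1.0"?><cross-domain-policy>{}</cross-domain-policy>'
SAMPLES = {
    "strict": WRAP.format('<site-control permitted-cross-domain-policies="none"/>'),
    "typical": WRAP.format('<allow-access-from domain="www.appshelter.com" />'
                           '<allow-access-from domain="appshelter.com" />'),
    "open": WRAP.format('<allow-access-from domain="*" />'),
    "constructed": WRAP.format('<allow-access-from domain="*.example.com" secure="false" />'),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        results = audit_policy(text)
        print(name, worst(results), [msg for _, msg in results])
```
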