Open foobarlab opened 11 years ago
The way the Flash Policy crossdomain is implemented seems broken and not confirming to the recommended way security should be implemented.
Specification for crossdomain policy: http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
See also: https://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps.html https://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html https://www.adobe.com/devnet/flashplayer/articles/fplayer9-10_security.html
The way the Flash Policy crossdomain is implemented seems broken and not confirming to the recommended way security should be implemented.
Specification for crossdomain policy: http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
See also: https://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps.html https://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html https://www.adobe.com/devnet/flashplayer/articles/fplayer9-10_security.html