Is the crossdomain.xml Flash attack still possible?

At my company, we have some security issues related to code injection (XSS) on our websites.

I would like to know if an attack similar to http://code.google.com/p/doctype-mirror/wiki/ArticleFlashSecurityPolicyAttack is still possible.

I have a few questions on this topic:

1. Are policy files (crossdomain.xml) still parsed leniently by Flash, or has a stricter approach been implemented since the article was published?

2. How can I tell whether a policy file is valid or not, especially if a wrong XML, HTML, or image file is injected?

3. Which HTTP headers matter when Flash Player checks whether downloaded cross-domain policy files are valid?

Thank you in advance,

Mariusz Lewandowski

Hi Mariusz,

The information contained in the article that you referenced is really, really old.  While the article was published in 2011, the problems described around lenient policy file parsing were fixed back in 2007/2008.  Over time, we made a number of changes to address all of those issues between Flash Player 9 and Flash Player 10.

There is a good overview of the changes here:

http://www.Adobe.com/devnet/flashplayer/articles/fplayer9-10_security.html

A comprehensive guide to using cross-domain policy files securely can be found in the Flash Player 10 Security white paper here:

http://www.Adobe.com/devnet/flashplayer/articles/flash_player10_security_wp.html

Finally, the Adobe Secure Software Engineering Team (ASSET) has published a guide on securely deploying cross-domain policy files that you might find useful:

http://blogs.Adobe.com/asset/2009/11/securely_deploying_cross-domai.html

Please let me know if you have other questions or concerns.

Thank you
Henry Clark

Quality engineering - Runtime Flash security manager
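As an added example that is not from this thread or from Adobe, here is a small Python audit routine a defender can run over a fetched crossdomain.xml to apply the checks the three questions above ask about: strict XML parsing (so an injected HTML page or image is rejected rather than parsed leniently), the root element and the site-control meta-policy, the Content-Type header, and over-permissive allow-access-from rules. The function names, the REJECT/WARN/INFO severities and the sample responses are my own construction; the meta-policy values, the text/x-cross-domain-policy content type and the meaning of the secure attribute are taken from the Flash Player policy file format.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Values the policy file format defines for <site-control permitted-cross-domain-policies>.
META_POLICIES = {"none", "master-only", "by-content-type", "by-ftp-filename", "all"}
POLICY_CONTENT_TYPE = "text/x-cross-domain-policy"


def is_master_policy_url(url):
    """The master policy file is the one served at /crossdomain.xml on the server root."""
    return urlsplit(url).path == "/crossdomain.xml"


def audit_policy(body, content_type, url):
    """Strictly parse a policy response and return a list of findings (empty = clean).

    A body that is not well-formed XML with a <cross-domain-policy> root (injected
    HTML, an image, free text) is rejected outright instead of being parsed leniently.
    """
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return [f"REJECT: not well-formed XML ({exc})"]
    if root.tag != "cross-domain-policy":
        return [f"REJECT: root element is <{root.tag}>, not <cross-domain-policy>"]

    findings = []
    master = is_master_policy_url(url)
    if not master:
        findings.append("WARN: not served at /crossdomain.xml; only the master policy can set a meta-policy")

    meta = None
    site_control = root.find("site-control")
    if site_control is not None:
        meta = site_control.get("permitted-cross-domain-policies")
        if meta not in META_POLICIES:
            findings.append(f"REJECT: unknown meta-policy value {meta!r}")
        elif meta == "all":
            findings.append("WARN: meta-policy 'all' lets any URL on the host act as a policy file")
    elif master:
        findings.append("INFO: master policy has no <site-control>; the default meta-policy is master-only")

    # Header check: a policy served with an unrelated type (text/html, image/png) is
    # suspect; under the by-content-type meta-policy the correct type is mandatory.
    ct = (content_type or "").split(";")[0].strip().lower()
    if ct != POLICY_CONTENT_TYPE:
        level = "REJECT" if meta == "by-content-type" else "WARN"
        findings.append(f"{level}: Content-Type is {ct!r}, expected {POLICY_CONTENT_TYPE!r}")

    for rule in root.findall("allow-access-from"):
        domain = rule.get("domain", "")
        if domain == "*":
            findings.append("WARN: allow-access-from domain='*' grants every origin read access")
        if rule.get("secure", "true").lower() == "false":
            findings.append(f"WARN: secure='false' for {domain!r} lets http:// SWFs read https:// content")
    return findings


# Constructed sample responses (body, Content-Type, URL); none of these come from the thread.
SAMPLES = {
    "strict": (
        '<?xml version="1.0"?><cross-domain-policy>'
        '<site-control permitted-cross-domain-policies="master-only"/>'
        '<allow-access-from domain="www.example.com"/></cross-domain-policy>',
        "text/x-cross-domain-policy; charset=utf-8",
        "http://b.example/crossdomain.xml",
    ),
    # An XSS'd page served where Flash was asked to look for a policy file.
    "html_injected": ("<html><body>oops</body></html>", "text/html", "http://b.example/crossdomain.xml"),
    # The first bytes of a PNG: not XML at all.
    "png": ("\x89PNG\r\n\x1a\n", "image/png", "http://b.example/crossdomain.xml"),
    # Wildcard policy in a subfolder with meta-policy 'all' and a generic XML type.
    "permissive_subfolder": (
        '<?xml version="1.0"?>'
        '<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">'
        '<cross-domain-policy><site-control permitted-cross-domain-policies="all"/>'
        '<allow-access-from domain="*" to-ports="*"/></cross-domain-policy>',
        "text/xml",
        "http://srv-example:8181/relflex/crossdomain.xml",
    ),
}


def audit_samples():
    """Audit every constructed sample and return {name: findings}."""
    return {name: audit_policy(*args) for name, args in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in audit_samples().items():
        print(name, findings or ["OK"])
```

The strict sample produces no findings; the injected HTML and the PNG are rejected before any rule is read, which is the behaviour the question asks about in point 2; the permissive sample shows how a policy placed outside the root with meta-policy 'all', a generic Content-Type and a wildcard domain accumulates warnings.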

Tags: Flash Player

Similar Questions

  • IOError in IE but not in Firefox (problem possible crossdomain.xml)

    Yesterday I debugged (hopefully) a problem that happens in our application in Internet Explorer but not in Firefox.

    It has to do with accessing remote content from a separate domain.

    In every respect it SEEMS to be a crossdomain.xml problem, but the fact that this problem arises only in IE is what prompted me to post here.

    We have a fix in progress (bureaucratically speaking), but I want to check here.

    Our application is on the domain "a.domain".

    It accesses an XML file on "b.domain/xml/".

    And finally (this is the tricky part) it also accesses an XML file at "b.domain/forwardingPath/", which is actually redirected to "c.domain/xml/".

    The crossdomain.xml is located at "b.domain/crossdomain.xml".

    The request for "b.domain/xml/anXMLFile.xml" works without any problem.

    The request for "b.domain/forwardingPath/anotherXMLFile.xml" works in Firefox but not in IE (remember, the ACTUAL request is sent to "c.domain/xml/anotherXMLFile.xml").

    In Internet Explorer, I get an IOError.

    I think that we need a proper crossdomain.xml file, also located at "c.domain/crossdomain.xml", and to pull it in for this request.  What I want to confirm is whether this interpretation is correct.  I'm not at all a server-side person.  It's all elves and fairies to me.  And then finally, why the hell is this behavior inconsistent between IE and Firefox?  Does the Firefox version of Flash Player violate its own security standards?

    I cross-posted this on Stack Overflow: http://stackoverflow.com/questions/7395931/ioerror-in-ie-but-not-in-firefox-possible-crossdomain-xml-issue

    I have pinged our developers on this subject and this is what they have to say:

    "We did some work for the plugin around redirects and hence the correct behavior on Firefox.

    As far as I KNOW, on IE we don't get the redirect messages and may not participate in the security decision-making process during redirect scenarios. This behavior is beyond our control.

    There is a workaround described in the AS3 docs here: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/system/LoaderContext.html#checkPolicyFile

    Here's the relevant paragraph:

    Be careful with checkPolicyFile if you are downloading an object from a URL that may use server-side HTTP redirects. Policy files are always retrieved from the corresponding initial URL that you specify in URLRequest.url. If the final object comes from a different URL because of HTTP redirects, the initially downloaded policy files might not be applicable to the object's final URL, which is the URL that matters in security decisions. If you find yourself in this situation, you can examine the value of LoaderInfo.url after you have received a ProgressEvent.PROGRESS or Event.COMPLETE event, which tells you the object's final URL. Then call the Security.loadPolicyFile() method with a policy file URL based on the object's final URL. Then poll the value of LoaderInfo.childAllowsParent until it becomes true."

    Chris

  • What is crossdomain.xml?

    Can someone tell me what crossdomain.xml is used for? And how does it work? Where should the crossdomain.xml file be placed: on the client side or on the remote server?

    If you have a Flash movie in a domain on one server, you cannot access data on another domain. It is a security precaution. In order to use the data from another domain, you must allow the other data to be shared by including a crossdomain.xml file in the second domain. This crossdomain.xml file tells the Flash Player that the data from that second domain is OK to use.

    There are a number of scenarios, explained in the first document that I listed above. Do you have a situation that is different from all these examples?

  • What does "REQUEST_URI = crossdomain.xml" mean?

    When my site gets a 404 error, it sends it to me. I see this a lot sometimes...

    'REDIRECT_URL = crossdomain.xml'

    (see below for the output). What does it mean? I know it has to do with Flash in some way.

    HTTP_REFERER = desktop.htm

    HTTP_USER_AGENT = Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.4 (KHTML, like Gecko) Safari/537.4 Chrome/22.0.1229.94

    LAST_MODIFIED =

    PATH = / bin: / bin

    QUERY_STRING =

    REDIRECT_STATUS = 404

    REDIRECT_URL = crossdomain.xml

    Flash requires a cross-domain policy file. Cross-domain policy files let you control the types of resources and requests Flash Player can make when it talks to your server.

    You can read more details on the different policy files that Flash Player obeys here:

    http://www.Adobe.com/devnet/flashplayer/articles/flash_player10_security_wp.html

  • crossdomain.xml problem

    Good afternoon

    I have a web app in Flex 3 on a server at "http://SRV-XXX:8181/relflex/main.html", and in the application I reach "http://SRV-XXX:8181/SL_SISFLEX/slSRV05" (my servlets) via HTTPService.
    When I access the site with "http://SRV-XXX:8181/relflex/main.html" it works normally, but when I use "http://172.1.0.6:8181/relflex/main.html" it does not work and gives error #2048:

    (mx.messaging.messages: errorMessage) # 0
    body = (null)
    clientId = "DirectHTTPChannel0".
    correlationId = "0D499AD7-FE29-95E7-9B5A-B2062705750F."
    destination = «»
    extendedData = (null)
    faultCode = "Channel.Security.Error".
    faultDetail = "Destination: DefaultHTTP.
    faultString = "error of security to access the url.
    headers = (Object) # 1
    DSStatusCode = 0
    MessageId = "F4BCF095-DD0B-8739-5057-B2062734F478."
    rootCause = (flash.events: SecurityErrorEvent) # 2
    bubbles = false
    cancelable = false
    currentTarget = (flash.net: URLLoader) # 3
    bytesLoaded = 0
    bytesTotal = 0
    data = (null)
    dataFormat = "text".
    eventPhase = 2
    target = (flash.net: URLLoader) # 3
    Text = "error # 2048: Violation of the safe area:
    http://172.1.0.6:8181/relflex/main.swf cannot load data from http://SRV-XXX:8181/SL_SISFLEX/slSRVXXX? db = relflex & parameterDataSource = % S 5FPOD USP
    Type = "securityError".
    timestamp = 0
    timeToLive = 0

    I tried using the crossdomain.xml at http://SRV-XXX:8181/relflex/crossdomain.xml:

    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
      <!-- meta-policy: let any policy file on this host be honoured -->
      <site-control permitted-cross-domain-policies="all"/>
      <!-- any domain, any port -->
      <allow-access-from domain="*" to-ports="*"/>
      <allow-access-from domain="SRV-XXX" to-ports="8181"/>
      <allow-access-from domain="172.1.0.6" to-ports="8181"/>
    </cross-domain-policy>

    And in the application I call flash.system.Security.loadPolicyFile("http://SRV-XXX:8181/relflex/crossdomain.xml");

    Can you help me solve the problem of calling 172.1.0.6:8181 and SRV-XXX:8181?

    TKS!

    Paulo David

    If you can, try the default configuration where you put the crossdomain.xml file in the root and not the relflex subfolder.

    Alex Harui

    Flex SDK Developer

    Adobe Systems Inc.

    Blog: http://blogs.adobe.com/aharui
