Cross domain requests: Javascript vs Flash -

-

As you may know, browser security model loaded in a page to create cross-domain requests The script does not allow AJAX calls to any domain other than www.example.com). The javascript file could be served completely from a different domain (www.javascript.com/myscript.js) and it is irrelevant it's a similar-basic policy.

Something similar in Flash? But does Flash treat the original page as HTML page where the .swf file was loaded or the original domain that is the service .swf file?

Then loads an .swf file from .swf can load resources from www.example.com or www.swf.com now? I am assuming that there is no cross-domain.exml file setup on either example.com or swf.com.

I think this article tells a lot about the problem you mentioned:

From there:

For website owners, all content supplied by the user should be served from a completely different domain. It already has Yahoo Mail, Hotmail, Wikipedia, and many other major websites, but there is a huge amount of self-contained web applications. Vidhta does not (and would if I could have, for example, "upload a malicious file .com" on apiwiki.twiitter, I could perform cross-subdomain cookies attacks). A partial solution was made possible by flash 10,0,0,2: SWF files are given with the "Content-Attention: Attachment" header, when embedded in a web page. If all user-generated content is served with this header (in no case a bad idea), it can limit your risk, but this is not a very strong solution.

It seems that if you serve content from a different domain and there is no cross-domain policy file, then Flash can not access files from your main server.

In addition, this article explains that

and whatever I write, they are able to trust each other and share with each other. should be there. You may wonder if Flash Advertising is a problem or not. Do they have this problem? No, there are flash ads on the Internet, but since they are almost never hosted on the same domain as the domain you are viewing, they do not have access to data from the primary web site's web site. . Cool


Comments

Post a Comment

Popular posts from this blog

oracle - The fastest way to check if some records in a database table? -

-
I have a big table to work with. I have to see that there are some records whose parent_id is equal to my passing value. Currently I do this by implementing "my_table using select count (*) where parent_id =: id"; If the result> 0, it means that they exist. Because this is a very large table, and I do not care what the actual number of records present, I just want to know if it exists, so I think count (*) Bit is disabled. How do I apply this requirement most quickly? I'm using Oracle 10. # Tips for Hibernation & amp; Tricks It suggests writing in such a way: Integer number = (integer) session .createQuery ("Select Count (*) to ...."). UniqueResult (); I do not know what is the magic of the unique rule? Why does it fast? To compare, select "1 from mytable where parent_id = passId and rowrum", which is more efficient? If you are not interested in the number of records, then there is an EXISTS query one: Select 'y'
Read more

php - multilevel menu with multilevel array -

-
Just ask someone to solve this problem? I want to create a multilevel menu I can not find the right solution generated with multilevel array, it always gets an array_push error My study came from the original idea But still my Can not match the need. This is my MySQL [code] ----- --------------------- --------------- | ID | PARENT_ID | Name | Link | Seq | 1 | 0 | Dashboad | Dashboard / | 1 | 2 | 0 | Menu 1 | Menu 1 / | 2 | 3 | 0 | Menu 2 | Menu 2 / | 3 | 4 | 0 | Menu 3 | Menu 3 / | 4 | 5 | 2 | Joint Add / | 1 | 6 | 3 | Joint Add / | 1 | 7 | 2 | Edit | Edit / | 2 | 8 | 4 | Joint Add / | 1 ------------------------------------------ [/ Code] I want to do something like this in my array array ('dashboard' = & gt; array ('id' = & gt; '' 'Dame' = & gt; 'Dashboard', 'Title' = & gt; 'Dashboard', 'MatchMin' = & gt; Base_URL (). 'Dashboard /', 'Active' => = & Gt; NULL), &
Read more

jQuery UI: Datepicker month format -

-
I am trying to change the format of the month that shows in the popup (not in the date that the picker actually I do not have any choice anywhere to do this, do I like to use a sub-string () or something else? What I normally display is Trying to change: Class = "ui-datepicker-title"> January & lt; / span & gt; ... & lt; / div & gt; Div>
Read more