Comments on: crossdomain.xml, Java, and JNLP http://ajaxian.com/archives/crossdomainxml-java-and-jnlp Cleaning up the web with Ajax Thu, 17 May 2012 07:43:39 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: newz2000 http://ajaxian.com/archives/crossdomainxml-java-and-jnlp/comment-page-1#comment-264365 newz2000 Tue, 03 Jun 2008 16:32:51 +0000 http://ajaxian.com/?p=3709#comment-264365 I think there might be better explanations of the potential problems related to crossdomain.xml than that linked. As the author of the article notes in his comments he had a mis-understanding of how crossdomain.xml worked when he wrote the article. Here's a better link that <a href="http://shiflett.org/blog/2006/sep/the-dangers-of-cross-domain-ajax-with-flash" rel="nofollow">explains the problem</a> in a real-world context (an exploit of flickr) and how it was solved. I personally would love to see techniques for making cross domain communication easier (i.e. possible without a hack) between consenting domains. Yes, I know there are possible problems but we can solve them the same way we solve xss problems - educate the software developers. I think there might be better explanations of the potential problems related to crossdomain.xml than that linked. As the author of the article notes in his comments he had a mis-understanding of how crossdomain.xml worked when he wrote the article.

Here’s a better link that explains the problem in a real-world context (an exploit of flickr) and how it was solved.

I personally would love to see techniques for making cross domain communication easier (i.e. possible without a hack) between consenting domains. Yes, I know there are possible problems but we can solve them the same way we solve xss problems – educate the software developers.

]]> By: Wendelmaques http://ajaxian.com/archives/crossdomainxml-java-and-jnlp/comment-page-1#comment-264360 Wendelmaques Tue, 03 Jun 2008 14:58:03 +0000 http://ajaxian.com/?p=3709#comment-264360 I think that we need a standard for this type of file and remote mashups. I think that we need a standard for this type of file and remote mashups.

]]>