What is crossdomain.xml?
The crossdomain.xml file is a
cross-domain policy file. It grants the Flash Player permission to talk
to servers other than the one it's hosted on. A simple example:
If your website is hosted at
www.xyz.com, your crossdomain file
should look like:
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.xyz.com" />
</cross-domain-policy>
or
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="www.xyz.com" />
<allow-access-from domain="xyz.com" />
</cross-domain-policy>
If you also want to allow abc.org to access your server,
add one more line like:
<allow-access-from domain="abc.org" />
But if your file is like:
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
This is a security threat. It exposes
the domain hosting the file: attackers can not only forge requests, they
can read the responses as well.
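An added example, not code from the original post: a small Python audit that parses a policy file and classifies each allow-access-from entry, so the domain="*" case described above gets flagged. The function names, verdict labels and sample policy are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy for the page's xyz.com example (not a real site's file).
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*.xyz.com" />
  <allow-access-from domain="abc.org" />
  <allow-access-from domain="*" />
</cross-domain-policy>"""


def classify(domain, own_domain):
    """Classify one allow-access-from domain value relative to the site's own domain."""
    domain, own_domain = domain.strip().lower(), own_domain.lower()
    if domain == "*":
        return "wildcard-all"      # any origin may read responses
    host = domain[2:] if domain.startswith("*.") else domain
    if "*" in host or (domain.startswith("*.") and "." not in host):
        return "wildcard-broad"    # e.g. "*.com" or a partial wildcard
    if host == own_domain or host.endswith("." + own_domain):
        return "own-domain"
    return "third-party"           # trusted external site: confirm it is intended


def audit_policy(xml_text, own_domain):
    """Return [(domain, verdict), ...] for every allow-access-from entry."""
    # Refuse inline entity declarations so an untrusted file cannot trigger
    # entity-expansion blowups in the standard-library parser.
    if "<!ENTITY" in xml_text:
        raise ValueError("entity declarations are not allowed in a policy file")
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("root element is not <cross-domain-policy>")
    return [(e.get("domain", ""), classify(e.get("domain", ""), own_domain))
            for e in root.iter("allow-access-from")]


def is_exposed(xml_text, own_domain):
    """True when the policy contains a wildcard entry such as domain="*"."""
    return any(v.startswith("wildcard") for _, v in audit_policy(xml_text, own_domain))


if __name__ == "__main__":
    for domain, verdict in audit_policy(SAMPLE_POLICY, "xyz.com"):
        print(f"{domain:12} {verdict}")
```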
Where can you find this?
It is located in the root directory
of the host. It can be viewed at a URL like:
https://www.xyz.com/crossdomain.xml