Applet Security FAQ
Crossdomain policy file for Flash Applets
- Cross-domain policy files
"Another change to the Flash Player 7 framework is the use of cross-domain policy files. A policy file is a simple XML file that gives the Flash Player permission to access data from a given domain without displaying a security dialog. When placed on a server, it tells the Flash Player to allow direct access to data on that server, without prompting the user grant access. "
crossdomain.xmlfile is placed at the top level of the server -- in the directory accessed by the url
myserver.edu/-- NOT in the
...webwork2/htdocsfile which is accessed by the url
- We use this low security crossdomain file placed in
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-policy> </xml>
- More information at: http://kb2.adobe.com/cps/142/tn_14213.html
- There may be issues if one tries to use a java applet which is hosted on a different site from the WeBWorK server. So far this is only noticed only on the Safari server which throws exceptions of the form
- This error will occur for example if the geogebra applet is not hosted on the webwork server. It is not immediately apparent to the user but the error messages can be found by looking at Safar's error console (in the developer menu)
- Project: find out which policy files are needed to avoid this problem so that we can use geogebra hosted on sites other than the local webwork server.