Test RIA Cross Domain Policy

Rich Internet Applications (RIA) have adopted Adobe's crossdomain.xml policy files to allow for controlled cross-domain access to data and service consumption using technologies such as Oracle Java, Silverlight, and Adobe Flash. Therefore, a domain can grant remote access to its services from a different domain. However, the policy files that describe the access restrictions are often poorly configured. Poor configuration of the policy files enables Cross-site Request Forgery attacks, and may allow third parties to access sensitive data meant for the user.

What are cross-domain policy files?

A cross-domain policy file specifies the permissions that a web client such as Java, Adobe Flash, Adobe Reader, etc. uses to access data across different domains. For Silverlight, Microsoft adopted a subset of Adobe's crossdomain.xml, and additionally created its own cross-domain policy file: clientaccesspolicy.xml.

Whenever a web client detects that a resource has to be requested from another domain, it will first look for a policy file in the target domain to determine whether cross-domain requests, including headers, and socket-based connections are allowed.

Master policy files are located at the domain's root.