Okay, let’s talk a little bit about some of the security issues inherent within the Flash Player. So the first thing I would like to show you is this diagram here and I want you to understand the security model of the Flash Player. Now by default, if we don’t do anything, the Flash Player can only call HTTPServices or web services from the domain in which it was served. So for example, in our case I could only access an HTTPService that was in the same domain as the Flash Player in terms of web servers.
So if I tried to access another domain, I would get a security sandbox error, for example if I accessed another domain and that would not allow me to access that XML data using the HTTPService class. So that can result in a problem, but there is a very nice solution because I can simply install across domain security file in the web server root of another domain .com and I could specify that certain Flash Players served from specific URLs are able to access this particular domain or I can simply say that any Flash Player is able to access this particular domain and this is known as a cross security domain file and it's just simply a simple text file that you install on the root server of that web server.
So let’s take a quick look at that and you can see this would be a simple cross domain security policy file that allows access from every single domain. So all you would have to do is to install this in the root of the server that you wish to access from the Flash Player and then any Flash Player would be able to access that and you can also specify specific domain. So in this case I have an asterisk which means every single domain, but I could say specifically for example, totaltraining.com and that would mean that only SWF files served from total training would be able to access services on this domain. So very, very powerful and that's how you get around the security model that's inherent within the Flash Player and again this is just saved in the web server root of the domain that you wish to access from the Flash Player.
