2 Replies - 1326 Views - Last Post: 30 May 2019 - 05:23 AM Rate Topic: -----

#1 midasxl   User is offline

  • D.I.C Head

Reputation: 2
  • View blog
  • Posts: 215
  • Joined: 03-December 08

crossdomain.xml file in ColdFusion application

Posted 02 April 2019 - 06:12 AM

Hello and thanks for reading!

I have adopted a ColdFusion application and in the root of the app there is a crossdomain.xml file. I am wondering if it is actually providing anything to the application considering the way it is written.

Please see the following:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>



Being that there is no "allow-access-from" nodes, does this actually do anything?

Thanks for any insight you may have!

Cheers!

Is This A Good Question/Topic? 0
  • +

Replies To: crossdomain.xml file in ColdFusion application

#2 Craig328   User is offline

  • I make this look good
  • member icon

Reputation: 2042
  • View blog
  • Posts: 3,644
  • Joined: 13-January 08

Re: crossdomain.xml file in ColdFusion application

Posted 02 April 2019 - 09:46 AM

It's been eons since I've seen a reference to that file in a CF application. If I recall correctly from my previous exposures to it, it was needed if your site is using Flash or PDF files. I think it was intended for clients with regard to cross domain access to data/content for those clients (Flash, PDF).

I have no idea about the lack of node notations but the sub it does have (
<site-control permitted-cross-domain-policies="master-only"/>
) seems to suggest it allows access (maybe?) to a "master-only" group? TBH, the mighty Google doesn't shed much light on it and, if it were my app, I'd comment it out, run the application and see if anything unexpected happens. This would tell you if anything local to your app relies on it. What it may not do is notify you of remote Flash and/or PDF clients trying to gain access to your application.

I guess it depends on what the app does and does it appear to present a security risk for you? If it's a way of granting access to data/info, is it possible to build out proper web data stubs via a proper CFC component (aka: make it a web service)?

Sorry for the lack of definitive help. This is an old topic for me and I truly can't recall what the impact of it was. If you do sort it out, please post any details back here. I'd be curious to know.
Was This Post Helpful? 0
  • +
  • -

#3 midasxl   User is offline

  • D.I.C Head

Reputation: 2
  • View blog
  • Posts: 215
  • Joined: 03-December 08

Re: crossdomain.xml file in ColdFusion application

Posted 30 May 2019 - 05:23 AM

Thanks for the info Craig328, I am continuing to streamline the application and will comment it out to see if it makes a difference. Will provide more info as I learn more. Thanks!!
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1