Re: [thredds] crossdomain.xml

On Aug 15, 2012, at 9:38 AM, Lansing Madry wrote:

> Jay,
> We're a little unclear on exactly what's going on here.  It seems that one 
> server (host A - ucsd in this case) is being asked by another server (host B 
> ) to serve up some data.  If B puts in a request to A, why does A need to 
> specifically authorize the request?  What are the security implications here, 
> since that seems to be the underlying rationale?  If security is the issue, 
> then is seems perhaps unwise to set domain="*" in the <allow-access> tag.
> Thanks for your comments.
> -Lansing

Even more so, Jay claims the file is need to enforce security,  By default, in 
Javascript, crossdomain requests are not allowed.  So this in fact opens things 
up, not clamp things down.  \ncWMS works on this site, at least in my tests.  
So they would be opening up a crossdomain request so that someone outside could 
use Flex?????

My guess is that it is fact the Oregon State folks who are making the cross 
domain request, and they are the ones who need to have the crossdomain file.  
This is a guess,  I could be wrong, but it would make more sense.


"The contents of this message do not reflect any position of the U.S. 
Government or NOAA."
Roy Mendelssohn
Supervisory Operations Research Analyst
Environmental Research Division
Southwest Fisheries Science Center
1352 Lighthouse Avenue
Pacific Grove, CA 93950-2097

e-mail: Roy.Mendelssohn@xxxxxxxx (Note new e-mail address)
voice: (831)-648-9029
fax: (831)-648-8440

"Old age and treachery will overcome youth and skill."
"From those who have been given much, much will be expected" 
"the arc of the moral universe is long, but it bends toward justice" -MLK Jr.

  • 2012 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the thredds archives: