Like many of you, I cracked open Xcelsius 2008 dove right into the Data Manger to make sure all of my existing connections work. When trying Xcelsius out with Xport Wizard, I got Error #2032 which for some reason didn’t surprise me since there have been major changes to the Flash Player security since the previous version of Xcelsius. After double checking my crossdomain.xml file, I set out to figure out what security setting Adobe has changed with Flex. I quickly found that the cross domain policy file requires some minor changes, which actually provides a lot more control over who has access to your data from a SWF. The cross domain policy should look like the following:
In the XML file, I have used a wildcard (*). This allows a SWF located on any machine to access your data source. You can certainly use an IP address or domain name to restrict access rather to opening it up completely. I always start with the wildcard to make sure my dashboard works, then start restricting access as necessary.
Save this code as crossdomain.xml and place it in the root directory of the application server that provides data to your SWF.
Here is a whitepaper with everything you need to know about Flash player security: