Silverlight & ClientPolicyAccess.xml

Brenden Kehren asked on March 25, 2014 07:39

The results of a penetration test showed the clientaccesspolicy.xml file at the root of the site to allow cross-domain access to the 3 modules/resources listed in it. From a functionality standpoint, if I remove this file I'm assuming it will break some functionality within the CMSDesk and Site Manager, so I won't be doing that. If I restrict cross-domain access, will applying that change cause a loss in functionality as well?

Correct Answer

Martin Danko answered on March 27, 2014 10:19

Hi Brenden,

I've discussed this with our security team and it seems that the mentioned XML file is still located in the application folder because of historical reasons but it's also required in some specific scenarios, e.g. when you are running a web farm where is the cross-domain communication used. I've deleted this file from my instance and everything seems to be working fine, it's related to the multifile uploader but also after the file deletion, uploader works without any problem, so create a backup of this file and feel free to delete it.

Regards, Martin

1 votesVote for this answer Unmark Correct answer

   Please, sign in to be able to submit a new answer.