Meaning of RIA
RIA stands for "Registered Investment Advisor": an advisor or firm engaged in the investment advisory business and registered either with the Securities and Exchange Commission or with state securities authorities.
What is cross-domain policy?
Cross-domain policy files specify the permissions that a web client such as Adobe Flash, Java, etc. uses to access information across different domains. Microsoft Silverlight adopted a subset of Adobe's crossdomain.xml and additionally created its own cross-domain policy file.
Whenever a web client detects that a resource has to be requested from another domain, it first looks for a policy file in the target domain to determine whether cross-domain requests, including headers and socket-based connections, are allowed.
Master policy files are located at the domain's root. A client might be instructed to load a different policy file, but it will always check the master policy file first to ensure that the master policy file permits the requested policy file.
To use a clientaccesspolicy.xml file to allow cross-domain access
1. Develop a service that enables access by a Silverlight client.
2. Create a clientaccesspolicy.xml file that allows access to the service.
3. Save the clientaccesspolicy.xml file to the root of the domain where the service is hosted.
4. Test that access is enabled by invoking the service from another domain.
To use a crossdomain.xml file to allow cross-domain access
1. Make a service that enables access by a Silverlight client.
2. Build a crossdomain.xml file that holds the following configuration. The file must be configured to allow access to the service from any other domain, or it is not recognized by Silverlight 4.
3. Save the crossdomain.xml file to the root of the domain where the service is hosted.
4. Test that the service is enabled by invoking it from another domain.
How to test:
Testing for RIA policy files:
To test for RIA policy file weaknesses, the tester should try to retrieve the policy files "crossdomain.xml" and "clientaccesspolicy.xml" from the application's root and from every folder found.
After retrieving each of the policy files, the permissions allowed should be checked against the principle of least privilege. Requests should only come from the domains, ports, and protocols that are necessary. Overly permissive policies should be avoided. Policies with an asterisk "*" in them should be closely examined.
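The review step described above can be scripted. The following is an added example, not part of the original page: the function name audit_policy and both sample policy files are constructed for illustration. It goes slightly beyond the asterisk check by also flagging secure="false", a permissive site-control setting, and a whole-site grant.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy files (not taken from any real site).
CROSSDOMAIN = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-access-from domain="api.example.com"/>
  <allow-http-request-headers-from domain="*.example.com" headers="*"/>
</cross-domain-policy>"""

CLIENTACCESS = """<access-policy><cross-domain-access><policy>
  <allow-from http-request-headers="*"><domain uri="*"/></allow-from>
  <grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""

def audit_policy(xml_text):
    """Return (element, attribute, value, reason) for each permissive entry."""
    # Fetched policy files are untrusted XML; consider a hardened parser
    # such as defusedxml when auditing files retrieved from real hosts.
    root = ET.fromstring(xml_text)
    findings = []

    def flag(el, attr, reason):
        findings.append((el.tag, attr, el.get(attr), reason))

    for el in root.iter():
        if el.tag == "site-control":  # master policy setting (crossdomain.xml)
            if el.get("permitted-cross-domain-policies") == "all":
                flag(el, "permitted-cross-domain-policies", "any policy file is permitted")
        elif el.tag in ("allow-access-from", "allow-http-request-headers-from"):
            domain = el.get("domain", "")
            if "*" in domain:
                flag(el, "domain", "any domain" if domain == "*" else "wildcard subdomain")
            if el.get("headers") == "*":
                flag(el, "headers", "all request headers allowed")
            if el.get("secure") == "false":
                flag(el, "secure", "HTTPS content readable by HTTP origins")
        elif el.tag == "allow-from" and el.get("http-request-headers") == "*":
            flag(el, "http-request-headers", "all request headers allowed")
        elif el.tag == "domain" and "*" in el.get("uri", ""):  # clientaccesspolicy.xml
            flag(el, "uri", "wildcard in allowed caller URI")
        elif el.tag == "resource" and el.get("path") == "/" and el.get("include-subpaths") == "true":
            flag(el, "path", "entire site granted")
    return findings

if __name__ == "__main__":
    for name, text in (("crossdomain.xml", CROSSDOMAIN), ("clientaccesspolicy.xml", CLIENTACCESS)):
        for finding in audit_policy(text):
            print(name, *finding, sep=" | ")
```

An empty result only means that none of these specific patterns matched; each allowed domain still has to be compared with what the application actually needs.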