Update 4/30/2008:
NOTE: Flash Player 9.0.124 includes updates that affect the use of crossdomain policy files. For more information, see the Policy file changes in Flash Player 9 article in the Adobe Developer Connection.

Your system might be configured to allow a Flex application to directly access server-side resources on different domains or different computers without going through a proxy. These operations fail under the following conditions:

• When the Flex application's SWF file references a URL, and that URL is outside the exact domain of the SWF file that makes the request
• When the Flex application's SWF file references an HTTPS URL, and the SWF file that makes the request is not served over HTTPS

To make a data service or asset available to SWF files in different domains or on different computers, use a crossdomain policy file on the server that hosts the data service or asset. A crossdomain policy file is an XML file that provides a way for the server to indicate that its data services and assets are available to SWF files served from certain domains, or from all domains. Any SWF file that is served from a domain specified by the server's policy file is permitted to access a data service or asset from that server. By default, place the crossdomain.xml at the root directory of the server that is serving the data.

For more information on using a cross-domain policy file, see Using cross-domain policy files.