Security changes in Flash Player 9

Please post your general Flash Design questions here. Typically beginner questions fall into this category.

Security changes in Flash Player 9

Postby Eden » Fri Dec 28, 2007 11:55 am

Hi friends,

There is a bunch of security changes in Flash Player 9. As Adobe mention it here: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_05.html

Those changes effected some of my programs. One of my flash chat application taht using the Flash XML Socket does not work with fp 9.0 r115 any more. The problem is stricted socket policy files.

I have tried to fix it, but have no chance to find the solution yet. Actually, there is a update for fp 9 debugger which creates a policy file log, if you apply the small code in the description writes in "Using logging" part (look at the link above). This log file is useful for debugging.

When i run the app. the report of the debugger is:
Warning: [strict] Requesting socket policy file from xmlsocket://www.dasclub.com:2448 due to socket connection request from SWF at http://www.dasclub.com/chatApp.swf. See http://www.adobe.com/go/strict_policy_files if this causes problems.
Warning: [strict] Ignoring policy file at xmlsocket://www.dasclub.com:2448 due to incorrect syntax. See http://www.adobe.com/go/strict_policy_files to fix this problem.
Warning: SWF from http://www.dasclub.com/chatApp.swf will be permitted to connect to a socket in its own domain without a policy file. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.



Yes I know adobe writes about the PORT 843, but how i cannot do that with a homemade XML Socket Server. One of my friend coded, and know he said that he cannot use that port for crossdomain policy

Is there anybody that experienced this problem before? How can you solve this problem / how can i solve this problem? :cry:
http://www.ozguraltay.com
http://www.advert360.com // 3D place and product presentations
Eden
 
Posts: 6
Joined: Fri Oct 27, 2006 8:44 pm
Location: TURKEY

Re: Security changes in Flash Player 9

Postby Eden » Sat Dec 29, 2007 9:38 am

Did anyone ever experianced something like this? Or it happens only to me.

Please write here, if you have some stories about fp9 crossdomain problemles. I am starting to feel alone here. :(
http://www.ozguraltay.com
http://www.advert360.com // 3D place and product presentations
Eden
 
Posts: 6
Joined: Fri Oct 27, 2006 8:44 pm
Location: TURKEY

Re: Security changes in Flash Player 9

Postby CarloWood » Mon Feb 04, 2008 11:42 pm

You are not alone. When I upgraded to r115, every site with flash that I normally use stopped working
because I couldn't connect to the servers behind it anymore.

I downgraded to r31.

What amazes me is that there are still people who think that commercial software is better(?) than Open Source.
In this case:

- I run linux on amd64, and there is no flash plugin for that architecture.
Adobe ignores the demand from everyone to make it available.
- When a serious bug like this one occurs, there is nothing you can do.
I wrote an email to Adobe and got an automatic reply; but that's it.
In the case of Open Source, I mail the *developer* personally and we
often end up debugging it together, so that two days later the problem
is fixed...

The only thing you can do is hope that we won't need closed software like Adobe's anymore in the future.
CarloWood
 
Posts: 1
Joined: Mon Feb 04, 2008 11:31 pm

Re: Security changes in Flash Player 9

Postby Eden » Sat Feb 09, 2008 12:45 pm

@CarloWood,

thanks for your comment. This is a malfunction, why adobe answers the post i dont understand... It past months since people shouted to adobe's platforms.

Still an empty page here: http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html Where is the promised help?

Here a page i've found from Ammon Lauritzen's blog page http://ammonlauritzen.com/blog/2007/12/13/new-flash-security-policies/ about the same problem.

I've tried everything but stil I cannot connect to the XML Socket. First it looks crossdomain from port 843, it says everything is OK
OK: Policy file accepted: xmlsocket://www.dasclub.com:843
OK: Request for resource at xmlsocket://www.dasclub.com:2448 by requestor from http://www.dasclub.com/chatApp.swf is permitted due to policy file at xmlsocket://www.dasclub.com:843


but wait for it... The connection cuts somehow! Why? I dont know!

Also, why everybody needs to control his/her server? May be i am just a user of the server, may be i am just a customer of a hosting company and I haven't got Admin privilages on my host... Why should I open the 843 socket for master crossdomain? If you open that port, that will make the read/write permissions public!

Is there anybody experimented about this? Please, any piece of knowladge would be great!
http://www.ozguraltay.com
http://www.advert360.com // 3D place and product presentations
Eden
 
Posts: 6
Joined: Fri Oct 27, 2006 8:44 pm
Location: TURKEY


Return to General Flash

Who is online

Users browsing this forum: No registered users and 6 guests