Security changes in Flash Player 9

[Eden]

Hi friends,

There is a bunch of security changes in Flash Player 9. As Adobe mention it here: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_05.html

Those changes effected some of my programs. One of my flash chat application taht using the Flash XML Socket does not work with fp 9.0 r115 any more. The problem is stricted socket policy files.

I have tried to fix it, but have no chance to find the solution yet. Actually, there is a update for fp 9 debugger which creates a policy file log, if you apply the small code in the description writes in "Using logging" part (look at the link above). This log file is useful for debugging.

When i run the app. the report of the debugger is:

Warning: [strict] Requesting socket policy file from xmlsocket://www.dasclub.com:2448 due to socket connection request from SWF at http://www.dasclub.com/chatApp.swf. See http://www.adobe.com/go/strict_policy_files if this causes problems.
Warning: [strict] Ignoring policy file at xmlsocket://www.dasclub.com:2448 due to incorrect syntax. See http://www.adobe.com/go/strict_policy_files to fix this problem.
Warning: SWF from http://www.dasclub.com/chatApp.swf will be permitted to connect to a socket in its own domain without a policy file. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.

Yes I know adobe writes about the PORT 843, but how i cannot do that with a homemade XML Socket Server. One of my friend coded, and know he said that he cannot use that port for crossdomain policy

Is there anybody that experienced this problem before? How can you solve this problem / how can i solve this problem?

[Eden]

Did anyone ever experianced something like this? Or it happens only to me.

Please write here, if you have some stories about fp9 crossdomain problemles. I am starting to feel alone here.

[CarloWood]

You are not alone. When I upgraded to r115, every site with flash that I normally use stopped working
because I couldn't connect to the servers behind it anymore.

I downgraded to r31.

What amazes me is that there are still people who think that commercial software is better(?) than Open Source.
In this case:

- I run linux on amd64, and there is no flash plugin for that architecture.
Adobe ignores the demand from everyone to make it available.
- When a serious bug like this one occurs, there is nothing you can do.
I wrote an email to Adobe and got an automatic reply; but that's it.
In the case of Open Source, I mail the *developer* personally and we
often end up debugging it together, so that two days later the problem
is fixed...

The only thing you can do is hope that we won't need closed software like Adobe's anymore in the future.

[Eden]

@CarloWood,

thanks for your comment. This is a malfunction, why adobe answers the post i dont understand... It past months since people shouted to adobe's platforms.

Still an empty page here: http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html Where is the promised help?

Here a page i've found from Ammon Lauritzen's blog page http://ammonlauritzen.com/blog/2007/12/13/new-flash-security-policies/ about the same problem.

I've tried everything but stil I cannot connect to the XML Socket. First it looks crossdomain from port 843, it says everything is OK

OK: Policy file accepted: xmlsocket://www.dasclub.com:843
OK: Request for resource at xmlsocket://www.dasclub.com:2448 by requestor from http://www.dasclub.com/chatApp.swf is permitted due to policy file at xmlsocket://www.dasclub.com:843

but wait for it... The connection cuts somehow! Why? I dont know!

Also, why everybody needs to control his/her server? May be i am just a user of the server, may be i am just a customer of a hosting company and I haven't got Admin privilages on my host... Why should I open the 843 socket for master crossdomain? If you open that port, that will make the read/write permissions public!

Is there anybody experimented about this? Please, any piece of knowladge would be great!