Date of update: 5/15/2011
XML Socket Server - eClever
write us
Novelties
12.06.09  eClever
16.03.09  pluginXLS
28.03.08  Flash API AS2
Web feeds
RSS 2.0
Atom 0.3
Links of Interest
Deans Director Tutorials
Director Online
DMOZ | Open Directory Project
Domaj
eSimLab, cz version
Feja.cz - prodejní galerie
Flash.cz, cz version
Garden, cz version
Hand-work, cz version
MediaMacros
Mile High Table
Xtra web-cd
Xtrasy
Zabezpečení aplikací
(this section only regards client applications created in Flash or Flex)

Beginning with the version 7, Flash has applied a new security policy, which is based on the fact that if you have an swf file in a www domain, this file can only use means of this domain. If you want to read data from another domain you have to put the file crossdomain.xml to its root. In this file you define which domains have access to means in the target domain. 

Crossdomain.xml file example:
<cross-domain-policy>
       <allow-access-from domain="*" to-ports="507" />
       <allow-access-from domain="*.mysite.com" to-ports="507,516" />
       <allow-access-from domain="*.myothersite.com" to-ports="516-523" />
       <allow-access-from domain="www.myothersite.com" to-ports="507,516-523" />
       <allow-access-from domain="www.mysite.com" to-ports="*" />
       <allow-access-from domain="flash.mysite.com" to-ports="*" />
</cross-domain-policy>

The meaning of the file is, I think, clear, and to get a closer description we suggest to see Adobe pages Security Changes in Macromedia Flash Player 7.
http://www.adobe.com/devnet/flash/articles/fplayer_security_03.html
 
You may also use another name of the security file. Then you have to make Flash read it. This can be done using the function loadPolicyFile. Example:
System.security.loadPolicyFile("http://www.mysite.com/flash/myPolicy.xml")
Note: This function must be called before you use the functions accessing the target domain for the first time.

If you run XML Socket Server on a separate domain using for communication the port 80, for example, and if you do not have an http server run on any port, Flash cannot read the security file crossdomain.xml from this domain. This file would be normally read using http protocol. In this case we can use xmlsocket protocol instead of http. The function has this structure, for example:  System.security.loadPolicyFile("xmlsocket://socks.mysite.com:80").
This function asks XML Socket Server itself a security access. XML Socket Server reads the data from eClever.config. To be able to use this function you have to in eClever.config fill in the section
<cross-domain-policy>. Meaning of the attributes is identical with those in crossdomain.xml.

If you are running the http server, for example on the port 2277, in Flash you can use the function:
System.security.loadPolicyFile("http://socks.mysite.com:2277/?action=cross-domain-policy").

Example of file policy.config

Meaning of the attributes is described below:
Section cross-domain-policy / allow-access-from domain
domain The domain which we want to allow access to XML Socket Server from.
to-ports The ports we want to allow access to.






© 1992-2010 Studio dmm, all rights reserved