Flash security expert needed

Question

I am trying to establish a tcp socket connection from a flex browser application to a local socket server (localhost:8010). The flex app is loaded from my local http server (for early development). My socket server is returning the following cross domain policy upon request for the policy file from Flash,

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><all ow-access-from domain="*" to-ports="8010-8100"/></cross-domain-policy>

However, I continue to get the following error,
---
Warning: Timeout on xmlsocket://localhost:8010 (at 3 seconds) while waiting for socket policy file. This should not cause any problems, but see http://www.adobe.com/go/strict_policy_files for an explanation.

Connection to localhost:8010 halted - not permitted from http://localhost/~mike/app/main.swf
Error: SWF from http://localhost/~mike/app/main.swf may not connect to a socket in its own domain without a policy file. See http://www.adobe.com/go/strict_policy_files to fix this problem.
---

Here's the java code that executes on the socket server when it receives the request for the policy file (the socket server receives <policy-file-request> request from Flash).

    public void sendFlashCrossDomainPolicy() {
        //if mOut then socket connection is established
        String msg = "<?xml version=\"1.0\"?>" +
                "<!DOCTYPE cross-domain-policy SYSTEM \"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd\">" +
                "<cross-domain-policy>" +
                "<allow-access-from domain=\"*\" to-ports=\"8010-8100\"/>" +
                "</cross-domain-policy>";
        if (mOut != null) {
            System.out.println(msg);
            mOut.println(msg);
            mOut.flush();
        }
      }

The socket server receives the <policy-file-request> request from Flash as expected and then uses the snippet above to send the policy file.

Why doesn't flash see the cross domain policy returned by the socket server?

mikaye · Answer

Another question and perhaps easier to answer. I have changed the compiler options in order to change the security sandbox,

-use-network=false

and

-use-network=true

I'm not sure if this matters when trying to establish a socket connection to localhost, but regardless of the setting, the following code always results in an output of "Security Sandbox: REMOTE"

            switch (Security.sandboxType) {
                case Security.LOCAL_TRUSTED:
                    trace("Security Sandbox: LOCAL_TRUSTED");
                    break;
                case Security.LOCAL_WITH_FILE:
                    trace("Security Sandbox: LOCAL_WITH_FILE");
                    break;
                case Security.LOCAL_WITH_NETWORK:
                    trace("Security Sandbox: LOCAL_WITH_NETWORK");
                    break;
                case Security.REMOTE:
                    trace("Security Sandbox: REMOTE");
                    break;
            }

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded