Bare minimum to request a policy file for sockets?

Report · Feb 21, 2014

I had a program some three years ago that communicated to my c++ server I wrote. It requested a policy file, and my c++ server returned a policy file.

My same AS3 code no longer requests a policy file, but my C++ server still works fine.

What is the problem:

Did AS3 change how communication is done?

or

Is it my new computer's firewall? And how do I allow it to communicate through the firewall?

,Jim

Also does anyone have the bare minimum to request a policy file?

My reason: I have a facebook game going up, and I want to monitor microtransactions so Facebook can't lie to me about their books.

Report · Feb 24, 2014

Is your server listening on the default port 843? If so, after a connection request comes in, are you reading any data that is sent? You should read it until empty before sending the socket policy file. Since this port is pretty heavily known for socket policy, what is read is not that important but feel free to read any request data sent to verify it's requesting a socket policy file if you want. After established, send the XML with the trailing \0 byte and close the connection.

Your policy file should designate both the domain and ports allowed to make a socket connection.

e.g.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" />
<allow-access-from domain="*.yourserver.com" to-ports="9100,9101" />
</cross-domain-policy>

As for the firewall, yes you will need to open up whatever port your c++ server wants to accept the connection on both on any routers you have as well as your firewall.

Do you really have a need for using your c++ server? Is there any reason you're not setting a standard HTTP server up while sending simple HTTP GET/POST rather than direct socket? Not that sockets are difficult and you might not want the overhead and security issues of leaving a HTTP server running but most WAMP/LAMP (etc) servers will allow you to configure the firewall entry point and adjust your firewall for you.

That leaves you to also adjust any routers you have for the forwarding rules yourself. In this scenario I'd highly suggest not using port 80 however, use at least 8080 or something random so typical malicious software won't easily detect your server.

Report · Mar 04, 2014

sinious,

Thank you for your response. My server listens on port 843. It transfers data fine on it too. I'm on a new computer than I used 4 years ago when I wrote the code that worked back then.

Either Flash changed in 4 years(possible), or I need to fix my firewall somehow.

Would I need to fix my firewall even if I do 127.0.0.1 exchanges?

Report · Mar 04, 2014

A snippet of my flash code looks like this:

			try {
				Security.allowInsecureDomain("*");
				Security.allowDomain("*");
				Security.loadPolicyFile("xmlsocket://127.0.0.1:843");

			} catch (e:IOError) {
				trace("error");

			}

			xmls.send("yo");
			xmls.send("yo2");

My server receives "yo", but never receives "yo2" which is what should happen if it doesn't get the policy file.

I do not get the policy file request sent to my server. Four years ago with the same code, I did.

So my question remains: What is the bare minimum I need to request a policy file?

Security.loadPolicyFile("xmlsocket://127.0.0.1:843"); //This doesn't seem to do anything