2 Replies Latest reply on Oct 19, 2006 8:34 AM by HardCorey

    XMLSocket Security Problem?

    HardCorey
      Hello everyone.

      I've programmed a client and server side bandwidth testing system. The server side accepts socket connections on port 1234. I have a client side flash application which connects to the server side and uploads a stream of data. The server calculates the time is takes to receive the data thus determining the network bandwidth. The system appears to work perfect in the context of executing the flash client from the Flash compiler (i.e. Control | Test Movie "CTRL+Enter").

      The problem I'm having is that when I publish the flash .SWF and embed it into a simple .HTML file, the socket connection isn't working. If I try and run the .HTML file locally from my browser (i.e. URL=C:\Inetpub\wwwroot\Flash\Socket\Socket.html) it works fine. When I try to run the same file through my web server (i.e. URL=http://intranet/Flash/Socket/Socket.html) it fails to connect. I'm assuming this is some sort of security thing? Any help on why it works locally but not through my intranet would be greatly appreciated.

      Here's my client side flash code:

        • 1. Re: XMLSocket Security Problem?
          HardCorey Level 1
          Hello everyone.

          I've programmed a client and server side bandwidth testing system. The server side accepts socket connections on port 1234. I have a client side flash application which connects to the server side and uploads a stream of data. The server calculates the time is takes to receive the data thus determining the network bandwidth. The system appears to work perfect in the context of executing the flash client from the Flash compiler (i.e. Control | Test Movie "CTRL+Enter").

          The problem I'm having is that when I publish the flash .SWF and embed it into a simple .HTML file, the socket connection isn't working. If I try and run the .HTML file locally from my browser (i.e. URL=C:\Inetpub\wwwroot\Flash\Socket\Socket.html) it works fine. When I try to run the same file through my web server (i.e. URL=http://intranet/Flash/Socket/Socket.html) it fails to connect. I'm assuming this is some sort of security thing? Any help on why it works locally but not through my intranet would be greatly appreciated.
          • 2. Re: XMLSocket Security Problem?
            HardCorey Level 1
            I solved the problem. I think what happens is when a flash client attempts to make an XMLSocket connection to a destination server (where your server side applcation resides) on any port, in the context of a browser URL or non-local SWF file (i.e. http://www.yourserver.com/socketclient.swf), the flash client also checks the same destination web server's root directory for crossdomain.xml (via port 80). This file, crossdomain.xml, gives permission to the flash client to proceed with the socket connection. The crossdomain.xml file can be defined as follows:

            <?xml version="1.0"?>
            <!DOCTYPE cross-domain-policy SYSTEM " http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
            <cross-domain-policy>
            <allow-access-from domain="SERVERHOSTINGYOURSWFSOCKETCLIENT" />
            </cross-domain-policy>

            Just an interesting side note, by default, XMLSocket connections don't allow for port connections under 1024 unless configured to do so.