7 Replies Latest reply on May 13, 2011 11:12 AM by Zolotoj

    Security #101

    Zolotoj Level 3

      So, if I see this message:

      Warning: Failed to load policy file from https://ufddb-02/crossdomain.xml

       

      *** Security Sandbox Violation ***
      Connection to https://ufddb-02/webapps/UFDPortal-debug/weborb.aspx halted - not permitted from http://ufddb-02/webapps/UFDPortal-debug/UFDPortal.swf
      Error: Request for resource at https://ufddb-02/webapps/UFDPortal-debug/weborb.aspx by requestor from http://ufddb-02/webapps/UFDPortal-debug/UFDPortal.swf/[[DYNAMIC]]/4 is denied due to lack of policy file permissions.

       

      and the server does not even have a file named "crossdomain.xml", nor I am using  https: how exactly would I go with my trouble schooling?

        • 1. Re: Security #101
          oldMster Level 3

          The server needs a cross-domain policy file at the location flash player is trying to load it from.  you can't make any calls from flash player to that server if it doesn't have a policy file, or if the policy file does not include a policy allowing access from the remote location.

          Makr

          • 2. Re: Security #101
            Zolotoj Level 3

            First of all is it crossdomain or cross-domain?

            Second:

            <The server needs a cross-domain policy file

            Do you mean: Specific Web ste?

            • 3. Re: Security #101
              oldMster Level 3

              the file name is crossdomain.xml and must be in the root directory of the web site you are trying to make a call to.

               

              Here is an example of the file that allows access to everything from everything:

               

              <?xml version="1.0"?>

              <!DOCTYPE cross-domain-policy SYSTEM

              "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

               

              <cross-domain-policy>

                      <site-control permitted-cross-domain-policies="master-only"/>

                      <allow-access-from domain="*"/>

              </cross-domain-policy>

              • 4. Re: Security #101
                Zolotoj Level 3

                Yes, ok, even if I have such file I am getting the error anyway. So, getting back to my original question: How to trouble shoot this problem?

                • 5. Re: Security #101
                  oldMster Level 3

                  If the file is on the server, in the right place, with the right permissions, and has the correct policies in it, then it will work.

                   

                  The first thing to check is if you can load the policy file in a browser, just enter this URL into the browser and see if it loads:

                   

                  https://ufddb-02/crossdomain.xml

                   

                  If it doesn't, then there is still something wrong with the file permissions or location.

                   

                  If it loads, and flash player is still unhappy, then there is something not right with the policy definitions, and that is just plain old XML debugging, eyeballs and specs.

                   

                  Mark

                  • 6. Re: Security #101
                    Zolotoj Level 3

                    Yes,  it loads into Browser. ....

                    but not via secure channel. Dont know where FP is even getting it from when it reports about my great security thread.

                    Also I am running my web from a different than default web location.

                    • 7. Re: Security #101
                      Zolotoj Level 3

                      Just one more thing. Why, in the World, it uses secure channel?