5 Replies Latest reply on Apr 20, 2012 10:23 AM by Flex harUI

    ftp Security Sandbox Violation?

    EWN-CMI Level 1

      I have a crossdomain file and am trying to run the example at http://ntt.cc/2009/08/23/how-to-upload-files-in-flex-ftp.html but I keep getting a sandbox error.  All help is appreciated.  I am simply trying to allow users to upload images to a common folder, but I don't get permission to manage the folder unless the file is sent via ftp, so I am looking for a simple upload ftp client - which the test example looks like, using the ftp library - but can't get by the security.  The crossdomain file is below.  The common image folder is under the app folder.  Thanks.

       

      SecurityError–>Error #2048: Security sandbox violation: http://myDomain.org/TEST/FlexFTP/FTPflex.swf cannot load data from ftp.myDomain.org:21.

       

      The following statement is included in my Flex app.

       

      Security.loadPolicyFile('http://www.myDomain.org/crossdomain.xml');

       

       

      The crossdomain file:

       

      <?xml version="1.0"?>

      <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

      <cross-domain-policy>

      <site-control permitted-cross-domain-policies="all"/>

      <allow-access-from domain="*.myDomain.org" to-ports="*" />

      <allow-access-from domain="ftp.myDomain.org" to-ports="*" />

      <allow-http-request-headers-from domain="*" headers="*"/>

      </cross-domain-policy>

        • 1. Re: ftp Security Sandbox Violation?
          Flex harUI Adobe Employee

          What is the url for the app and what url is it trying to access?

          • 2. Re: ftp Security Sandbox Violation?
            EWN-CMI Level 1

            The app is running at http://myDomain.org/TEST/FlexFTP/FTPflex.swf.

            The image folder is http://myDomain.org/TEST/FlexFTP/uploader

            The ftp path is ftp.myDomain.org  (there is an ftp folder at the level above "www/ftp"  versus "www/html" folder on the server - not sure on the permissions of this folder but don't think I get there before the security error)

             

            The full code is below.  The crossdomain.xml file is above.

             

            Thanks for looking. and the help.

             

             

             

            //   http://ntt.cc/2009/08/23/how-to-upload-files-in-flex-ftp.html/

            <?xml version="1.0" encoding="utf-8"?>

            <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml"

            initialize="upLoad()" layout="vertical">

             

            <mx:Script>

            <![CDATA[

             

            import mx.utils.*;

            import mx.controls.Alert;

            Security.loadPolicyFile('http://www.myDomain.org/crossdomain.xml');

             

            private var fileRef:FileReference;

            private var fileSize:uint;

            private var fileContents:ByteArray ;

            //you need to initiate two scokets one for sending

            //commands and second for sending data to FTP Server

            //socket for sending commands to FTP

            private    var s:Socket

            //responce from FTP

            private    var ftpResponce:String;

            //socket for sending Data to FTP

            private    var dataChannelSocket:Socket;

            //responce from FTP when sending Data to FTP

            private    var dataResponce:String;

            //will hold the IP address of new socket created by FTP

            private    var dataChannelIP:String;

            //will hold the Port number created by FTP

            private    var dataChannelPort:int;

            private var user:String="userName";//FTP usernae

            private var pass:String="passWord";//FTP Password

             

            private function receiveReply(e:ProgressEvent):void{

            ftpResponce = s.readUTFBytes(s.bytesAvailable)

            var serverResponse:Number = Number(ftpResponce.substr(0, 3));

            if(ftpResponce.indexOf('227')>-1){

            //get the ip from the string response

            var temp:Object = ftpResponce.substring(ftpResponce.indexOf("(")+1

            ,ftpResponce.indexOf(")"));

            var dataChannelSocket_temp:Object = temp.split(",");

            dataChannelIP = dataChannelSocket_temp.slice(0,4).join(".");

            dataChannelPort = parseInt(dataChannelSocket_temp[4])*256+

            int(dataChannelSocket_temp[5]);

            //create new Data Socket based on dataChannelSocket and dataChannelSocket port

            dataChannelSocket = new Socket(dataChannelIP,dataChannelPort);

            dataChannelSocket.addEventListener(ProgressEvent.SOCKET_DATA, receiveData);

            }

            //few FTP Responce Codes

            switch(String(serverResponse)){

                   case "220" :

                               //FTP Server ready responce

                              break;

                   case "331" :

                             //User name okay, need password

                             break;

                case  "230":

                              //User  logged in

                            break;

                case "250" :

                            //CWD command successful

                            break;

                   case "227" :

                                 //Entering Passive Mode (h1,h2,h3,h4,p1,p2).

                               break;

                  default:

              }

             

            //for more please

            //http://http://www.altools.com/image/support/alftp/ALFTP_35_help/

            //FTP_response_codes_rfc_959_messages.htm

            traceData(ftpResponce);

            }

             

            private function receiveData(e:ProgressEvent):void{

            dataResponce = dataChannelSocket.readUTFBytes(

            dataChannelSocket.bytesAvailable);

            traceData("dataChannelSocket_response—>"+dataResponce);

            }

            private function showError(e:IOErrorEvent):void{

                   traceData("Error—>"+e.text);

            }

            private function showSecError(e:SecurityErrorEvent):void{

                  traceData("SecurityError–>"+e.text);

                }

             

            private function createRemoteFile(fileName:String):void{

            if(fileName!=null && fileName !=""){

            s.writeUTFBytes("STOR "+fileName+"\n");

            s.flush();

            }

            }

            private function sendData():void{

            fileContents=fileRef.data as ByteArray;

            fileSize=fileRef.size;

            dataChannelSocket.writeBytes(fileContents,0,fileSize);

            dataChannelSocket.flush();

            }

             

             

            //initialize when application load

            private function upLoad():void {

            fileRef = new FileReference();

            //some eventlistener

            fileRef.addEventListener(Event.SELECT, selectEvent);

            fileRef.addEventListener(Event.OPEN, onFileOpen);

             

            //this fucntion connect to the ftp server

            connect();

            //send the usernae and password

            this.userName(user);

            this.passWord(pass);

            //if you want to change the directory for upload file

            //this.changeDirectory("/public_html/");   //directory name

            this.changeDirectory("/html/TEST/FlexFTP/uploader/");                  //directory name  sample shows /public_html/  show I am using my root path?????

            //enter into PASSV Mode

            s.writeUTFBytes("PASV\n");

            s.flush();

            }

             

             

            private function onFileOpen(event:Event):void {

            }

             

            private function traceData(event:Object):void {

            var tmp:String = "================================\n";

            ta.text +=event.toString()+ "\n" ;

            ta.verticalScrollPosition += 20;

            }

            private function ioErrorEvent(event:IOErrorEvent):void{

            Alert.show("IOError:" + event.text);

            }

            private function selectEvent(event:Event):void{

            btn_upload.enabled = true;

            filename.text = fileRef.name;

            fileRef.load();

            }

            private function uploadFile():void {

            createRemoteFile(fileRef.name);

            sendData();

            }

            private function connect():void{

            s = new Socket("ftp.myDomain.org",21);                                                  //Socket("ftp.anydomain.com",21);

            //s = new Socket("ftp.yourdomain.com",21);                                             //Socket("ftp.anydomain.com",21);

            s.addEventListener(ProgressEvent.SOCKET_DATA, receiveReply);

            s.addEventListener(IOErrorEvent.IO_ERROR, showError);

            s.addEventListener(SecurityErrorEvent.SECURITY_ERROR, showSecError);

            s.addEventListener(Event.CONNECT,onSocketConnect);

            s.addEventListener(Event.CLOSE,onSocketClose);

            s.addEventListener(Event.ACTIVATE,onSocketAtivate);

            }

            private function onSocketConnect(evt:Event):void {

            //traceData("OnSocketConnect–>"+evt.target.toString());

            }

            private function onSocketClose(evt:Event):void {

            //traceData("onSocketClose–>"+evt.target.toString());

            }

            private function onSocketAtivate(evt:Event):void {

            //traceData("onSocketAtivate–>"+evt.target.toString());

            }

            private function userName(str:String):void {

            sendCommand("USER "+str);

            }

            private function passWord(str:String):void {

            sendCommand("PASS "+str);

            }

            private function changeDirectory(str:String):void {

            sendCommand("CWD "+str);

            }

            private function sendCommand(arg:String):void {

            arg +="\n";

            s.writeUTFBytes(arg);

            s.flush();

            }

            ]]>

            </mx:Script>

            <mx:Panel id="up" horizontalAlign="left" width="100%" height="100%">

            <mx:Box width="100%" height="100%">

            <mx:VBox >

            <mx:Form  width="449" height="284">

            <mx:FormItem label="Selected File:">

            <mx:Label id="filename"/>

            </mx:FormItem>

            <mx:FormItem >

            <mx:Button width="80" label="Browse" click="fileRef.browse()" />

            <mx:Button width="80" label="Upload" id="btn_upload" enabled="false"

                click="uploadFile()" />

            <mx:Button width="80" label="Cancel" id="btn_cancel" enabled="false"

                click="fileRef.cancel()" />

                        </mx:FormItem>

             

            <mx:HRule width="100%" tabEnabled="false"/>

            <mx:FormItem label="Events:">

            <mx:TextArea id="ta" width="260" height="98" />

            </mx:FormItem>

            </mx:Form>

            </mx:VBox>

            </mx:Box>

            </mx:Panel>

            </mx:Application>

            • 3. Re: ftp Security Sandbox Violation?
              Spiix

              I have the exact same problem. I try to connect to an FTP server by using sockets, everything works perfectly locally but I get the same error when I deploy and run it on the server.

               

              SWF location is http://spiix.dommel.be/restaurant/RestaurantSite.swf

              FTP location is spiix.dommel.be  on port 21

              crossdomain.xml location is http://spiix.dommel.be/restaurant/crossdomain.xml

               

              I even added

              Security.allowInsecureDomain("*");
              Security.allowDomain("*");

              to the code, to no avail.

               

              error :

              Socket security error : Error #2048: Security sandbox violation: http://spiix.dommel.be/restaurant/RestaurantSite.swf cannot load data from spiix.dommel.be:21.

               

               

              Any help would be apreciated (even disabling the entire security thing completely, in my case it doesn't have to be secure AT ALL).

              • 4. Re: ftp Security Sandbox Violation?
                EWN-CMI Level 1

                I got around the issue by not using Flex, but am using php to handle the file/folder functions on the server.  My issue was that if I tried to create folders from Flex non-ftp that the permissions on the server were set to Apache which limited my access to manage any uploaded data.  If I create the folder through an ftp session then I can upload to that folder from Flex without issue and I am still the owner, so I just check to see if a folder needs to be created and if it does I use the php-ftp functions to create the folder before I process the Flex uploaded file.  Seems to be working fine.  I would have liked sockets to work but for this project no time to try to figure out the Security problem, when I thought my stuff was correct to start with.   Thanks to all, I would like to know what my problem was if anyone knows but now it's more for future reference.

                • 5. Re: ftp Security Sandbox Violation?
                  Flex harUI Adobe Employee

                  Did you follow the instructions on socket policy files?

                   

                  FWIW, I’ve used AIR (which has different security rules).  I get occasional errors, but it works most of the time.

                   

                  -Alex