5 Replies Latest reply on Apr 20, 2012 10:23 AM by Flex harUI

    ftp Security Sandbox Violation?

    EWN-CMI Level 1

      I have a crossdomain file and am trying to run the example at http://ntt.cc/2009/08/23/how-to-upload-files-in-flex-ftp.html but I keep getting a sandbox error.  All help is appreciated.  I am simply trying to allow users to upload images to a common folder, but I don't get permission to manage the folder unless the file is sent via ftp, so I am looking for a simple upload ftp client - which the test example looks like, using the ftp library - but can't get by the security.  The crossdomain file is below.  The common image folder is under the app folder.  Thanks.


      SecurityError–>Error #2048: Security sandbox violation: http://myDomain.org/TEST/FlexFTP/FTPflex.swf cannot load data from ftp.myDomain.org:21.


      The following statement is included in my Flex app.





      The crossdomain file:


      <?xml version="1.0"?>

      <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">


      <site-control permitted-cross-domain-policies="all"/>

      <allow-access-from domain="*.myDomain.org" to-ports="*" />

      <allow-access-from domain="ftp.myDomain.org" to-ports="*" />

      <allow-http-request-headers-from domain="*" headers="*"/>


        • 1. Re: ftp Security Sandbox Violation?
          Flex harUI Adobe Employee

          What is the url for the app and what url is it trying to access?

          • 2. Re: ftp Security Sandbox Violation?
            EWN-CMI Level 1

            The app is running at http://myDomain.org/TEST/FlexFTP/FTPflex.swf.

            The image folder is http://myDomain.org/TEST/FlexFTP/uploader

            The ftp path is ftp.myDomain.org  (there is an ftp folder at the level above "www/ftp"  versus "www/html" folder on the server - not sure on the permissions of this folder but don't think I get there before the security error)


            The full code is below.  The crossdomain.xml file is above.


            Thanks for looking. and the help.




            //   http://ntt.cc/2009/08/23/how-to-upload-files-in-flex-ftp.html/

            <?xml version="1.0" encoding="utf-8"?>

            <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml"

            initialize="upLoad()" layout="vertical">





            import mx.utils.*;

            import mx.controls.Alert;



            private var fileRef:FileReference;

            private var fileSize:uint;

            private var fileContents:ByteArray ;

            //you need to initiate two scokets one for sending

            //commands and second for sending data to FTP Server

            //socket for sending commands to FTP

            private    var s:Socket

            //responce from FTP

            private    var ftpResponce:String;

            //socket for sending Data to FTP

            private    var dataChannelSocket:Socket;

            //responce from FTP when sending Data to FTP

            private    var dataResponce:String;

            //will hold the IP address of new socket created by FTP

            private    var dataChannelIP:String;

            //will hold the Port number created by FTP

            private    var dataChannelPort:int;

            private var user:String="userName";//FTP usernae

            private var pass:String="passWord";//FTP Password


            private function receiveReply(e:ProgressEvent):void{

            ftpResponce = s.readUTFBytes(s.bytesAvailable)

            var serverResponse:Number = Number(ftpResponce.substr(0, 3));


            //get the ip from the string response

            var temp:Object = ftpResponce.substring(ftpResponce.indexOf("(")+1


            var dataChannelSocket_temp:Object = temp.split(",");

            dataChannelIP = dataChannelSocket_temp.slice(0,4).join(".");

            dataChannelPort = parseInt(dataChannelSocket_temp[4])*256+


            //create new Data Socket based on dataChannelSocket and dataChannelSocket port

            dataChannelSocket = new Socket(dataChannelIP,dataChannelPort);

            dataChannelSocket.addEventListener(ProgressEvent.SOCKET_DATA, receiveData);


            //few FTP Responce Codes


                   case "220" :

                               //FTP Server ready responce


                   case "331" :

                             //User name okay, need password


                case  "230":

                              //User  logged in


                case "250" :

                            //CWD command successful


                   case "227" :

                                 //Entering Passive Mode (h1,h2,h3,h4,p1,p2).





            //for more please






            private function receiveData(e:ProgressEvent):void{

            dataResponce = dataChannelSocket.readUTFBytes(




            private function showError(e:IOErrorEvent):void{



            private function showSecError(e:SecurityErrorEvent):void{




            private function createRemoteFile(fileName:String):void{

            if(fileName!=null && fileName !=""){

            s.writeUTFBytes("STOR "+fileName+"\n");




            private function sendData():void{

            fileContents=fileRef.data as ByteArray;







            //initialize when application load

            private function upLoad():void {

            fileRef = new FileReference();

            //some eventlistener

            fileRef.addEventListener(Event.SELECT, selectEvent);

            fileRef.addEventListener(Event.OPEN, onFileOpen);


            //this fucntion connect to the ftp server


            //send the usernae and password



            //if you want to change the directory for upload file

            //this.changeDirectory("/public_html/");   //directory name

            this.changeDirectory("/html/TEST/FlexFTP/uploader/");                  //directory name  sample shows /public_html/  show I am using my root path?????

            //enter into PASSV Mode






            private function onFileOpen(event:Event):void {



            private function traceData(event:Object):void {

            var tmp:String = "================================\n";

            ta.text +=event.toString()+ "\n" ;

            ta.verticalScrollPosition += 20;


            private function ioErrorEvent(event:IOErrorEvent):void{

            Alert.show("IOError:" + event.text);


            private function selectEvent(event:Event):void{

            btn_upload.enabled = true;

            filename.text = fileRef.name;



            private function uploadFile():void {




            private function connect():void{

            s = new Socket("ftp.myDomain.org",21);                                                  //Socket("ftp.anydomain.com",21);

            //s = new Socket("ftp.yourdomain.com",21);                                             //Socket("ftp.anydomain.com",21);

            s.addEventListener(ProgressEvent.SOCKET_DATA, receiveReply);

            s.addEventListener(IOErrorEvent.IO_ERROR, showError);

            s.addEventListener(SecurityErrorEvent.SECURITY_ERROR, showSecError);





            private function onSocketConnect(evt:Event):void {



            private function onSocketClose(evt:Event):void {



            private function onSocketAtivate(evt:Event):void {



            private function userName(str:String):void {

            sendCommand("USER "+str);


            private function passWord(str:String):void {

            sendCommand("PASS "+str);


            private function changeDirectory(str:String):void {

            sendCommand("CWD "+str);


            private function sendCommand(arg:String):void {

            arg +="\n";






            <mx:Panel id="up" horizontalAlign="left" width="100%" height="100%">

            <mx:Box width="100%" height="100%">

            <mx:VBox >

            <mx:Form  width="449" height="284">

            <mx:FormItem label="Selected File:">

            <mx:Label id="filename"/>


            <mx:FormItem >

            <mx:Button width="80" label="Browse" click="fileRef.browse()" />

            <mx:Button width="80" label="Upload" id="btn_upload" enabled="false"

                click="uploadFile()" />

            <mx:Button width="80" label="Cancel" id="btn_cancel" enabled="false"

                click="fileRef.cancel()" />



            <mx:HRule width="100%" tabEnabled="false"/>

            <mx:FormItem label="Events:">

            <mx:TextArea id="ta" width="260" height="98" />







            • 3. Re: ftp Security Sandbox Violation?

              I have the exact same problem. I try to connect to an FTP server by using sockets, everything works perfectly locally but I get the same error when I deploy and run it on the server.


              SWF location is http://spiix.dommel.be/restaurant/RestaurantSite.swf

              FTP location is spiix.dommel.be  on port 21

              crossdomain.xml location is http://spiix.dommel.be/restaurant/crossdomain.xml


              I even added


              to the code, to no avail.


              error :

              Socket security error : Error #2048: Security sandbox violation: http://spiix.dommel.be/restaurant/RestaurantSite.swf cannot load data from spiix.dommel.be:21.



              Any help would be apreciated (even disabling the entire security thing completely, in my case it doesn't have to be secure AT ALL).

              • 4. Re: ftp Security Sandbox Violation?
                EWN-CMI Level 1

                I got around the issue by not using Flex, but am using php to handle the file/folder functions on the server.  My issue was that if I tried to create folders from Flex non-ftp that the permissions on the server were set to Apache which limited my access to manage any uploaded data.  If I create the folder through an ftp session then I can upload to that folder from Flex without issue and I am still the owner, so I just check to see if a folder needs to be created and if it does I use the php-ftp functions to create the folder before I process the Flex uploaded file.  Seems to be working fine.  I would have liked sockets to work but for this project no time to try to figure out the Security problem, when I thought my stuff was correct to start with.   Thanks to all, I would like to know what my problem was if anyone knows but now it's more for future reference.

                • 5. Re: ftp Security Sandbox Violation?
                  Flex harUI Adobe Employee

                  Did you follow the instructions on socket policy files?


                  FWIW, I’ve used AIR (which has different security rules).  I get occasional errors, but it works most of the time.