Security changes in Flash Player 9.0.124.0
The latest security update to Adobe Flash player now makes it compulsory to have a socket policy file even if the application and the server are on the exact same domain. According to Adobe a crossdomain.xml file will no longer apply to socket requests, instead a separate socket policy file needs to be provided to the application. By default the application will first look for the policy file on port 843 and then on the port that the application is trying to open a socket to (the mud port in this case).
The following is the policy file that is used for the FMud demo server.
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="bc-dev.net" to-ports="4000" /> </cross-domain-policy>
The FMud package has been updated to include a sample policy.xml file as well as a python script that will serve this file.
Use the following command to start the server.
./flashpolicyd.py --file=/path/to/flashpolicy.xml --port=843
Remember to allow a TCP server on port 843 in your server firewall.
Further details on the new security model can be found on the Adobe website. There are also more details on serving policy files as well as some more server scripts for download.
14th May 2008 at 01:22
[...] about it on my site and updated the download package with the necessary files and instructions. Security changes in Flash Player 9.0.124.0 | bc-dev.net That post has more detail as well as links to the Adobe documentation. The essential differences [...]
12th August 2008 at 21:06
I got the following error while trying to run flashpolicyd.py:
File “./flashpolicyd.py”, line 40
with file(path, ‘rb’) as f:
^
SyntaxError: invalid syntax
12th August 2008 at 22:38
Python helpfully tells you that the error occurs at the ‘with’ statement on that line. The ‘with’ statement is new in Python 2.5 so I would guess you are running an older version of Python.
27th January 2010 at 20:05
I get error: File must be specified when I run the .py file.
How do I exactly ‘use’ the file?
27th January 2010 at 20:42
You can use the command above, ./flashpolicyd.py –file=/path/to/flashpolicy.xml –port=843
This will start the flashpolicyd.py script listening on port 843 and read the flashpolicy.xml file that you specify. Obviously you need to change the file= part to the path where the flashpolicy.xml file is.
27th January 2010 at 21:50
In what do I put that?
The .bat that launches my MUD servers?
27th January 2010 at 21:56
It’s a shell command, so precisely how you run it depends on your operating system and your server configuration. I assume you’re using Windows if you have a .bat file and if you have Python 2.5 (or higher) installed on your Windows machine you should be able to run the server script in much the same way from the windows command prompt.
27th January 2010 at 22:15
Windows isn’t recognizing my ‘policy.bat’ as a valid batch command.
28th January 2010 at 11:44
You just need to run the python script from a command prompt in Windows, something like “python flashpolicyd.py –file=/path/to/flashpolicy.xml –port=843″ from the directory where the flashpolicyd.py file is. Make sure you have python installed and the python interpreter is in your PATH.
29th January 2010 at 06:59
Sorry but, ‘python’ isn’t recognized as a command prompt command.
29th January 2010 at 15:30
I guess that means you don’t have Python installed or that the interpreter is not in your path.