<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.company.com" />
</cross-domain-policy>
Also, I always find that sending the policy via the socket connection is much faster- no need for the client to load a xml file. I am pretty sure the specs for doing that is also in the first submitted link above. With how socket security works- it will always check for the policy first from the connecting socket server, then when that times out or fails it will try to find the policy file- I say cut out the middle man if you can.
What if its not cross domain idk what this means so heres my prob. I open my java server from desktop from a batch file once servers on I go on my site and I login on the client the server shows connection is made and in 2 seconds it quickly disconnects so do I still need that policy or do you know what could be. Im about to try your mini tut thanks for the reply so hard to get a reply from this type of post :/ ill give you feed back when im done setting up the policy crap.
man sorry about this I have no idea where to put the code im a noob with xml do you think you can edit this file for me and than send me it back with whatever it needs, thanks.
download:
Thanks for the reply, see this is what I never come to understand I dont know what you mean by uploading to the server. look at my file I just want to be able to turn on my server from my batch file and my client plays on a subdomain I made from weebly
I dont know what you mean by uploading to the server.
Okay, this is the typical layout for this type of thing:
html file embeds the swf.
html is hosted via a web server (apache or iis).
When the swf is loaded in the html file, it checks if it was hosted from a web server (compared to network run or locally run), then 'sets' its security policies.
When the swf is hosted on a web-server, and said swf connectes via a socket connection to any other program (c++,c#, java, phpcli, etc), the server's hosting the other program must have a 'policy file' that says 'oh yeah, this swf's server can in fact connect to this other given server'.
You can include the policy file in one of two ways:
Have in the ROOT of your domain's web server an xml file.
OR you can send the policy file when the client first connects to the socket connection.
The policy file is needed for socket connections, so that the following does not happens:
Hacker from website A, connects to Socket Server B.
Legitimate Client from website C, connects to Socket Server B.
The policy file allows that:
Hacker from website A is not listed on Socket Server B's Policy File, Access is denied.
Legitimate Client from website C is on Socket Server B's Policy File, Access is not denied.
The policy is not the 'only' defense againt cross domain exploiting (for instance you only want users from newgrounds.com to access your server, and not freegameswestolefromotherartists.info- or even worse wearetryingtobreakyourgame.biz). However if no other security is added you at least have this amount of control/security by default.
BUT:
if you are just running the socket server locally, and not hosting it over the internet- then no policy file is needed - Like for testing locally. However given that the nature of socket connections is to connect to remote computers/servers, then you will eventually want to have the policy file business all sorted out sooner or later.
Last edited by guardiankitty; 01-05-2012 at 07:19 PM.
sorry read your last part wrong, After re-reading what you guys have said I understand what you mean now is there any other way you guys can tell me other than having a web server because I dont have a web server only my server for my client. how would I attempt to do the other method you said which was
"OR you can send the policy file when the client first connects to the socket connection."
is there any other way you guys can tell me other than having a web server because I dont have a web server only my server for my client. how would I attempt to do the other method you said which was "OR you can send the policy file when the client first connects to the socket connection."
ok thanks for all your help, this doesn't give me all the code I think I need. I give up dude if you know how to do it this way please dude make it for me and put it in my zip I gave you Ive spent to long trying to get this to work about a year and a half
If you have spend a year and a half on this, (and are unable to make sense of the documentation that I have submitted to you), then you should just give up and find something better to do with your time.
You said you are locally testing the socket server- which does not require a cross domain policy file. So you are done.
If something does not work or the connection is dropping and never 'fully' connecting, then you need a cross domain policy file (sent over the network or in a file in the root of your web hosting directory).
I will not on principle write anything for you, if you are not willing to give it a shot yourself first.
A year and a half but like obviously with major pauses I have attemped so much this is why I have come to the point to asking you to do it for me I have never in my life asked anyone to write anything for me other than this because I dont like people doing it for me but I have struggled so much to get this to work man. people dont understand I dont have a root directory man I dont have a web server I need this done the other method please ill buy you the best damn beer of your life when I get my paypal account
people dont understand I dont have a root directory man I dont have a web server I need this done the other method please ill buy you the best damn beer of your life when I get my paypal account
Here, see attached. Place this in the same folder as the hosting socket server (the one in java- I think you said). AND ALSO remove the .txt bit at the end- it needs to be a a .xml file (but I can not upload xml up here on the forums).
With socket servers you usually dont connect to the localhost--- usually its between a client-server. So usually you eventually will need to type an address of some sort to be able to connect to the hosting server (the computer running the java socket server)- usually this is a domain name of some sorts.
If that address is not running a web server, then just 'print' the contents of the file I have attached when requested by the client swf (the socket should send: "<policy-file-request/>" then just wait for a bit).
I have worked a bit with java (and socket servers a bit), but honestly I jump around so many languages it would take me longer to find the exact code that you need, rather than you just using the above.
I hope this points you closer in the right direction,
Yeah been a long time since I played with this stuff- actually you need to have another socket server listening on port 843, that all it does is send the policy file.
Yeah sorry for the bum info in an earlier post- (its not in the host server like I asserted)