XML socket policy files on ports

Mailing List

Home

Flash Pro

Extending Flash

Flash Macromedia Developer

Subjects

•	Firework Effect
•	setInterval bug identified and fixed
•	setInterval bug identified and fixed
•	ScrollPane component doesn 't auto update
•	Help: MX 2004 How to script a print button to print the entire sli
•	Event Dispatcher between classes
•	memory management removeMovieClip /
•	MX2004 Dataset itemClassName
•	Order of events per frame
•	XML to Object help
•	Textfield prototype question
•	Flash and QuickTime VR
•	Reading and displaying RSS feeds in Flash MX
•	Flash MX 2004 Sucks
•	AW: [Flashcoders] Switch/Case vs If/else
•	AW: [Flashcoders] Switch/Case vs If/else
•	Flash Interface with 10mb xml file
•	Web Service Results
•	Listener Object 's best practice

XML socket policy files on ports < 1024 (SECURITY ISS

XML socket policy files on ports < 1024 (SECURITY ISS

2004-02-17 - By Jayson K Hanes

Back
Sounds good.. no problem on the name.. tis a common occurrence :)

Anyways.. doesn 't this excerpt explain it better context-wise?

<snip >
When a policy file comes from a port less than 1024, it may grant access
to any ports; when a policy file comes from port 1024 or higher, it may
only grant access to ports 1024 and higher. The allowed ports are
specified in a to-ports attribute in the <allow-access-from > tag.
</snip >

You are loading the policy file from http, aka port 80.. thus access to
ports below 1024 are granted (apparently) if you don 't explicitly limit
them yada yada...

...however, I will yield to the fact that it 's 5:30 am here, and I 've
(As usual) been up all night -- perhaps I 'm missing the mark on your
issue and sleep will clear me up.. but I think seeing your issue as you
see it will result in the path-of-least-resistance solution.. unless
someone else jumps on the thread seeing a more relevant correction..

-Jayson

> -- --Original Message-- --
> From: Paul Lemon [mailto:paull@(protected)]
> Sent: Tuesday, February 17, 2004 5:30 AM
> To: flashcoders@(protected)
> Subject: RE: [Flashcoders] XML socket policy files on ports < 1024
> (SECURITY ISSUE?)
>
> Jayson,
>
> apologies for misspelling your name!
>
> I will try get a sample of this running outside of our intranet later
> today. I will mail you offlist then.
>
> Paul

=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
Supported by Fig Leaf Software
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
Be sure to check the archives and the wiki:
http://chattyfig.figleaf.com/
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
http://chattyfig.figleaf.com/cgi-bin/ezmlm-cgi?1:mss:104426
=-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
To unsubscribe send a blank e-mail to:
Normal Mode: flashcoders-unsubscribe@(protected)
Digest Mode: flashcoders-digest-unsubscrive@(protected)