XML socket policy files on ports < 1024 (SECURITY ISSUE?)
2004-02-17 - By Jayson K Hanes
Hmm.... you are *supposed* to force a loadPolicyFile..
<snip>
To connect an XMLSocket to a port lower than 1024, you must always first
load a policy file with loadPolicyFile, even when your movie connects to
its own exact domain.
</snip>
So.. no it's not my exact experience because I've only "done this" the
way I 1st learned about "how to do it" back when 7.0.19 came out...
Hmm.. More caffeine, and more thoughts in a little bit.
-Jayson
> -----Original Message-----
> From: Paul Lemon [mailto:paull@(protected)]
> Sent: Tuesday, February 17, 2004 12:45 PM
> To: flashcoders@(protected)
> Subject: RE: [Flashcoders] XML socket policy files on ports < 1024
> (SECURITY ISSUE?)
>
> Jayson,
>
> I have checked this again and the procedure appears to be:
>
> 1. Try to connect to any port > 1024
>
> 2. Regardless of the success or failure of this, try making a
> connection to port 60; this will be permitted. This also works in my
> initial tests for port 80 and presumably any other port on which there
> is a process listening for socket connections.
>
>
> I'm not too worried about the security issue per se, more worried about
> getting my flash movie to connect to a port number <1024. From the
> documentation it should request the policy file from the xml server
> when an attempt is made to connect to the port. As far as I can see this
> isn't happening and will require a specific loadPolicyFile request to be
> made. Is this your experience?
>
> I think Macromedia should have a look at this because it does look as
> if their security software is buggy. There is the potential for someone
> to write a flash movie which can start connecting to ports <1024 in an
> attempt to use the applications that listen down on those ports for
> other reasons than making multiplayer flash movies.
>
> Paul
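
For a server operator who wants to see what a socket policy file actually permits on ports below 1024, the following is an added example (not part of the original post or of any Macromedia code) that parses a policy file and reports each rule granting access to a low port. The sample policy and the function names are constructed for illustration, and it assumes the policy uses `allow-access-from` rules with `domain` and `to-ports` attributes.

```python
import xml.etree.ElementTree as ET

# Constructed sample socket policy file (not taken from the thread).
SAMPLE_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*" to-ports="80,507,1024-1030" />
  <allow-access-from domain="games.example.com" to-ports="9000" />
  <allow-access-from domain="*.example.com" to-ports="*" />
</cross-domain-policy>"""

PRIVILEGED_MAX = 1023  # the thread's "ports < 1024"


def parse_ports(spec):
    """Expand a to-ports value ("80,507,1024-1030" or "*") into (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if part == "*":
            ranges.append((0, 65535))
        elif "-" in part:
            low, high = part.split("-", 1)
            ranges.append((int(low), int(high)))
        else:
            ranges.append((int(part), int(part)))
    return ranges


def audit_policy(xml_text):
    """Return one finding per rule entry that grants access to a port below 1024."""
    findings = []
    # Meant for your own server's policy files; use a hardened parser
    # (for example defusedxml) if the XML comes from an untrusted source.
    root = ET.fromstring(xml_text)
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "")
        for low, high in parse_ports(rule.get("to-ports", "")):
            if low <= PRIVILEGED_MAX:
                findings.append({
                    "domain": domain,
                    "ports": (low, min(high, PRIVILEGED_MAX)),
                    "any_domain": domain == "*",
                })
    return findings


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

Findings with `any_domain` set are the ones to review first, since they let a movie served from any site reach the listed low ports.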