Posts Tagged policy

Flash, sockets and policy-file-request

If you are making a flash client for your protocol or server and receive <policy-file-request/>. on your server (let’s say with a sniffer), that’s because flash version newer than 9.0.115 has changed the security policy.
Here is the explanation of the new security policy. In brief, the flash application tries to connect to port 843 of the server where the socket needs to be connected to fetch a crossdomain.xml .
This article explains how it works and gives two flashpolicyd (flash policy daemon), one version in perl, another one in python, they are both in that archive.
I also found one in ruby that handles timeouts and errors.

Maybe I will take the one in python, daemonize it, add better error handling, and will package it for ubuntu, but maybe only 🙂


Comments (1)