I spoke too soon. The 3 second delay still exists and when I set up
the Swf policy file debugger for Windows...the Flash player outputs
this. My concern is that first warning. According to the docs, calling
Security.loadPolicyFile() to the domain and port (which line 2 says
happened ok) should fix everything. I just updated my Windows XP,
which I read somewhere upgrades the flash player. I still have the
debug version though. This is all a mess to me.

OK: Root-level SWF loaded: http://my.domain.com:9080/xms-app/xms.swf
OK: Policy file accepted: http://my.domain.com:9080/crossdomain.xml
Warning: Timeout on xmlsocket://my.domain.com:843 (at 3 seconds) while
waiting for socket policy file.  This should not cause any problems,
but see http://www.adobe.com/go/strict_policy_files for an explanation.
Warning: [strict] Requesting socket policy file from
xmlsocket://my.domain.com:9080 due to socket connection request from
SWF at http://my.domain.com:9080/xms-app/xms.swf.  See
http://www.adobe.com/go/strict_policy_files if this causes problems.
Warning: Timeout on xmlsocket://my.domain.com:9080 (at 3 seconds)
while waiting for socket policy file.  This should not cause any
problems, but see http://www.adobe.com/go/strict_policy_files for an
explanation.
Warning: SWF from http://my.domain.com:9080/xms-app/xms.swf will be
permitted to connect to a socket in its own domain without a policy
file.  This configuration is deprecated.  See
http://www.adobe.com/go/strict_policy_files to fix this problem.
Warning: SWF from http://my.domain.com:9080/xms-app/xms.swf will be
permitted to connect to a socket in its own domain without a policy
file.  This configuration is deprecated.  See
http://www.adobe.com/go/strict_policy_files to fix this problem.
--- In flexcoders@yahoogroups.com, "e_baggg" <[EMAIL PROTECTED]> wrote:
>
> Actually, I stand corrected. Once I added in my port # to the
> cross-domain...it worked. Thanks again gang! Big help!
> 
> 
> <cross-domain-policy>
>   <allow-access-from domain="*" to-ports="9080,8080"/>
> </cross-domain-policy>
> 
> 
> 
> --- In flexcoders@yahoogroups.com, "e_baggg" <e_baggg@> wrote:
> >
> > Thanks for your response...I have a full access cross domain on my
> > server and loading it via Security.loadPolicyFile() does nothing as
> > well. Hmm...
> > 
> > <cross-domain-policy>
> > <allow-access-from domain="*"/>
> > </cross-domain-policy>
> > 
> > --- In flexcoders@yahoogroups.com, å`¨æŒ¯å®‡ <zhenyu.zhou@> wrote:
> > >
> > > When you use a socket or xmlsocket in a remote swf file,
> > > flashplayer would send a policy-request to the server.
> > > Check 
> > >
> >
>
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_04.html
> > > 
> > > When you run it locally, flashplayer won't do this.
> > > 
> > > I'm not sure if this is the reason.
> > > Maybe you should call Security.loadPolicyFile() yourself and let
the 
> > > server give it a correct respond.
> > > 
> > > 
> > > Josh McDonald wrote:
> > > >
> > > > It sounds to me like your server is simply holding the
> connection for 
> > > > a few seconds in order to prevent brute-force password attacks.
> > > >
> > > > -Josh
> > > >
> > > > On Wed, Jun 11, 2008 at 6:23 AM, e_baggg <e_baggg@ 
> > > > <mailto:e_baggg@>> wrote:
> > > >
> > > >     This is baffling me. For authentication reasons, I am doing
> all my
> > > >     HTTP traffic via a custom flash.net.Socket where I create and
> > parse
> > > >     the HTTP request/response myself (using Digest authorization).
> > > >     Everything works fine when I run the generated html/swf files
> > locally,
> > > >     but once I deploy them to the unprotected part of a
> webserver, the
> > > >     response connection is not dropped by the server for several
> > seconds.
> > > >     I do a GET and receive the 401 immediately...send the same GET
> > request
> > > >     again with the Digest info. I receive the correct response
> > from the
> > > >     server immediately but the socket is not closed for 4 seconds
> > by the
> > > >     server. Has anyone seen this?
> > > >
> > > >     I have "Connection: close" in my request but the socket is
> > still kept
> > > >     open. If I access this URI via browser URL bar, the delay
is not
> > > >     there. I sniffed the packets and even if I mimic the request
> > String
> > > >     exactly, the socket still hangs for 4 seconds. I suspect I
> am not
> > > >     closing the socket request, though '\r\n\r\n' seems to be the
> > standard
> > > >     (and it works when it runs locally). Any ideas???
> > > >
> > > >     Here is my exact request that hangs though the 200 response is
> > > >     received immediately:
> > > >
> > > >     GET /myapp/mydata.xml HTTP/1.1\r\n
> > > >     Host: www.mydomain.com <http://www.mydomain.com>\r\n
> > > >     Content-Type: application/x-www-form-urlencoded\r\n
> > > >     Keep-Alive: 1\r\n
> > > >     Connection: close\r\n
> > > >     Cookie: JSESSIONID=8CCB32BBEDB875F082709FE17AA93679;\r\n
> > > >     Authorization: Digest username="user1", realm="MYAPP",
> > > >    
> >
>
nonce="MTIxMzEyODYwOTE0MDo1Njg5NTllYTUxMDYyN2VmNGNmMjViMTA4MDFiMDRjMA==",
> > > >     uri="/myapp/mydata.xml",
> > response="1175bbe7d5840a0d94fb5de3ef16a2a3",
> > > >     qop=auth, nc=1, cnonce="0a4f113b"\r\n\r\n
> > > >
> > > >
> > > >
> > > >
> > > > -- 
> > > > "Therefore, send not to know For whom the bell tolls. It tolls for
> > thee."
> > > >
> > > > :: Josh 'G-Funk' McDonald
> > > > :: 0437 221 380 :: josh@ <mailto:josh@>
> > > >
> > >
> >
>


Reply via email to