OK, I've been reading all the web content on the security changes that were implemented in 9.0.124.0. I'm more confused than ever. The security updates seem to apply to XMLSockets, and I'm not using these *unless* they are implicitly used by SOAP Web Services. Here is an example of web service code that works fine in versions prior to 9.0.124.0 but not since:
var ws : WebService = new mx.rpc.soap.WebService(); ws.loadWSDL(model_locator.APPLICATION_WEB_SERVICE_URL); ws.makeObjectsBindable = false; ws.useProxy = false; ws.login.resultFormat = "e4x"; ws.login.addEventListener(ResultEvent.RESULT, login_result); ws.login.addEventListener(FaultEvent.FAULT, app_commander.web_service_fault); ws.login.arguments.username = username.text; ws.login.arguments.password = password.text; ws.login(); >From what I'm reading, it sounds like I need a sockets policy file, although I'm not sure because this is a SOAP web service call over HTTP and as far as I can tell shouldn't be affected by the XML Sockets security update. To implement a master socket policy file seems like it requires me to configure the server with a special xmlsockets server that listens/responds on port 843. Any examples of implementing this on IIS/Windows Server? Am I missing something? Maybe I just need to update my crossdomain.xml file? I tried adding the "to-ports" to that but it's still not working. What do I need to do to get the soap web services working again?