trouble connecting to SFS server using new Flash player

mariana · Post by **mariana** » 16 Dec 2007, 16:11

This question was posted last week inside another topic (Hi Smart fox on the web question) but it seems nobody saw it, or at least I got no answers; here it goes again as a new topic.

I have my game set up in two computers a PC and a Mac. The server is in the PC, (port 9339), as is the Apache web server.

Up to today, everything has been working 100% OK, until I had the rotten idea of changing the flash player in the Mac, and disaster struck: I cannot use my game from any browser in the Mac, it stops at "Connecting....." and then says "Cannot connect".

I can, however connect perfectly well if I execute the .swf file in the Mac, no problem there. Also, it works OK from all browsers in the PC and external users can connect OK via the web, I don't even know what browser they're using.

As it says in the docs, I've tried putting a crossdomain.xml file in the /htdocs folder in the Apache2.2 folder (where my .swf files are), as follows:

Code: Select all

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

it didn't work. Then I tried the other solution proposed in the documentation, a statement:

Code: Select all

System.security.loadPolicyFile("xmlsocket://192.168.0.11:9339")

before the connect statement; it did not work either.

Maybe I'm confusing the internal and external addresses in all these statements. Internally, my IPs are :
for the PC 192.168.0.11;
for the Mac 192.168.0.10;
externally my address is 82.236.98.22;
the connect statement in the .swf file is:

Code: Select all

var IP:String = "82.236.98.22"
var port:Number = 9339
var zone:String ="arts"

smartfox.connect(ip,port)

the SFS config file looks like this:

Code: Select all

<SmartFoxConfig>
   
   <ServerSetup>
      
      <ServerIP>192.168.0.11</ServerIP>
      <ServerPort>9339</ServerPort>
      
      <AutoSendPolicyFile>true</AutoSendPolicyFile>
      <MaxUserIdleTime>1800</MaxUserIdleTime>
      
      <PolicyAllowedDomains>
         <AllowedDomain>127.0.0.1</AllowedDomain>
         <AllowedDomain>192.168.0.10</AllowedDomain>
         <AllowedDomain>192.168.0.11</AllowedDomain>
      </PolicyAllowedDomains>

Another thing I tried is using the Adobe settings_manager Global Security Settings to enable 192.168.0.10, 192.168.0.11 and 82.236.98.22.

I'm really at the end of my wits; can anybody please explain what is going on?

Thank you,
Mariana

Asphalt · Post by **Asphalt** » 16 Dec 2007, 16:39

Looks like there were some security changes in the Flash Player 9 r115 - of particular interest is the Socket Policy File changes.

Security Changes in Flash Player 9 - Socket Policy Files
Configuring Socket Policy

I'm still waiting for SFS 1.6 to be released before trying it non-locally, so I haven't tried to implement these changes yet, but hopefully you'll find it helpful. Please post any results you may discover.

mariana · Post by **mariana** » 16 Dec 2007, 18:42

Thank you, Asphalt, I've read part of the pages you pointed me to, and I think you're right, that is surely the problem, as the Flash player I downloaded to my Mac is version 9,0,115,0 (I was NOT given any warning of the changes in security policy before the download!!!!)

I understand the overall problem but, not being a security specialist (just a simple actionScript programmer) I feel a bit nervous about fooling around with these settings; I would rather wait until one of the SFS support people (e.g. Lapo) tells us how to go about making SFS-served games available to users of Flash player 9 and above in a secure manner....

Thanks,
Mariana

Post by **Lapo** » 17 Dec 2007, 07:20

Unfortunately I can't add much as of now. If the Flash Player has new restrictions, Flash applications will have to comply with them.

I have a personal "repulsion" for the whole Flash security policy thing and how it's implemented. Many people complain about how the Player silently stops communication leaving the user clueless.
I bought the Moock's Actionscript 3 book and his section on the security is at least 40 pages long!

Anyways, sorry for my rant, I didn't have time to read the latest changes as we were very busy preparing the new release. All I can do is recommend to go through their documentation.

We'll check it asap and see if and what needs to be changed on our side

mariana · Post by **mariana** » 17 Dec 2007, 08:29

Thank you Lapo, I can wait until you're free to look at it, I'm sure you'll be a LOT more efficient about it than I would be, and I still have a lot of work to do in my project which I can do by just using the PC or playing from the .swf in the Mac.... but please let us all know as soon as you have a solution to this situation

And I feel the same way about the whole Flash security paranoia....
Mariana

thinkaboutit · Post by **thinkaboutit** » 29 Dec 2007, 20:19

I've also been trying to figure this out and I have skimmed through most of the online docs about how fantastic the security feature on the new flash player is and all that.

While trying to stay awake during the process of reading though the unnecessarily long docs I have come to the conclusion of "why do some people use the online dictionary to find the biggest and most complex sequence of words they can find to try to confuse other people about what they are reading, because it only makes it look like the original writers have no idea what they are talking about themselves and their goal is only to confuse the reader"

.

Please excuse me for the previous paragraph but on a serious note I still am unable to connect a client to the SFS pro using the loadpolicyfile. If anyone has got this to work please post it so that others such as myself can use it.

I would also like to add that I have never had a problem with this in the past using as2/sfs pro...my current attempts that are not successfully are with as3/sfs pro. And yes i have gone through the sfs docs and examples.

Post by **Lapo** » 30 Dec 2007, 18:38

Have you recently updated to the latest Player 9 ? (should be 9,0,115,0)
I haven't had the time and the courage to check the new Adobe security docs ...

It's on my priority list for the very beginning of the new year.
Btw ... happy 2008

Murda · Post by **Murda** » 31 Dec 2007, 08:46

hey guys
i had a problem connecting to sfs pro and i added this code:

Code: Select all

System.security.loadPolicyFile("xmlsocket://62.219.197.32:9339")

and now i installed the new flash player and everything works fine for me.

i had a problem mainly with IE but after using the code its fine.

altho like i stated in my post some users with or without the latest release just cant seem to connect =O/

turtlesoup · Post by **turtlesoup** » 31 Dec 2007, 23:11

The problem is that Flash now requires a socket policy file and it needs to be served over port 834. If your web server and SFS server are on the same machine you need to create a master socket server policy now.

Here is an example from Adobe:
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="mysite.com" to-ports="999,8080-8082"/>
</cross-domain-policy>

all you need to do is replace the domain part with your domain name and change the ports to whatever ports your SFS accepts.

Then that file needs to be served from SFS over port 834. But I don't see anything in the SFS docs that allows you to specify the policy file and what port it is served on.

If it doesn't allow you to specify a separate policy port from the connection port, that would be bad. SFS needs to allow a master socket policy file to be served over port 834.

BTW, this socket policy file is NOT the same as a http domain policy file. Up until now Flash would use http policy files as a socket policy file.

mariana · Post by **mariana** » 04 Jan 2008, 15:05

Murda said:

hey guys
i had a problem connecting to sfs pro and i added this code:

System.security.loadPolicyFile("xmlsocket://62.219.197.32:9339")

and now i installed the new flash player and everything works fine for me.

one question, Murda: where did you add the code? in the .fla file? or in the SFS configuration file? or in the webServer configuration file? I tried the statement in the .fla file, just before the smartfox.connect(ip, port) statement, and again it didn't work. I read Turtlesoup's message and I must confess I understand very little of what he says.

I'm still anxiously waiting or Lapo's response, meanwhile I can work around the problem by double-clicking on the .swf file, i.e. without using a browser...but I need to solve this before going on-line with the game.

Thanks for all the answers, and a very HAPPY 2008 for all!
Mariana

Post by **Lapo** » 04 Jan 2008, 15:30

turtlesoup:

Then that file needs to be served from SFS over port 834. But I don't see anything in the SFS docs that allows you to specify the policy file and what port it is served on.

You can set SmartFoxServer to run on port 834.
About setting the specific contents of the policy you can setup a simple extension that overrides the default settings.
All you need to do is put this code in your init() method:

Java example:

Code: Select all

public void init()
{
   SmartFoxServer.getInstance().setCrossDomainPolicy("policy-XML-here")
}

Actionscript example:

Code: Select all

function init()
{
   _server.instance.setCrossDomainPolicy("policy-XML-here")
}

If you don't want to hard-code the policy xml in your extension you could simply store it in a file in the Server/ folder and load it before calling the setCrossDomainPolicy() method.

We're going to provide a patch that will simplify this process once we've gone through the 30 pages long security document and we've performed the necessary tests

Post by **Lapo** » 04 Jan 2008, 15:31

Mariana could you confirm that your flash player version is version 9,0,115,0 ? Thanks

p.s. = your avatar points to an url -> http://82.236.98.22/zorrito.jpg
which is password protected. So each time we open this page we're prompted a password. Could you fix it ?

Thnx

Post by **Lapo** » 05 Jan 2008, 13:47

We have started doing the first tests with the latest policy changes.
As of now it looks like the crossdomain.xml served via http works okay in most cases.

Test Page

Check this post and let me know if the connection test works for you.
If it does you should try to replicate the "configuration" we have used.

Additionally the BlueBox is active, so if you can temporarily block port 9339 on your side, you can also check it.

turtlesoup · Post by **turtlesoup** » 07 Jan 2008, 19:45

Hey Lapo,

thanks for the reply. With the patch you guys are planning would it be possible to add the ability to
a) specify the policy file name and have the server use that automatically. (without having to load the file in a extension)
b) allow us the option to specify the policy port (i.e. 834) while allowing SFS connections on a different port.

That way we would could continue to use multiple SFS on the same IP address but different ports while always serving the policy file over 834.

Hmmm, is that even possible for multiple SFS behind the same IP address to all server the policy over 834?

mariana · Post by **mariana** » 08 Jan 2008, 16:21

Lapo:
I'm sorry I've been away & missed your request to fix my password file... if its OK with you, I'd prefer to give you a usercode/pwd in a direct e-mail (as opposed to posting it here...)

If you still think its useful, send me an email address and I'll send you the instructions

Thanks,
Mariana