Main site  Forum  Search

Email contact  Register  Log in

Topic: XMLSocketServer and Crossdomain policy

Author	Message
neuroguy Joined: Nov 15, 2013 Posts: 4	Posted: Jan 16, 2014 12:42 AM    Post subject: XMLSocketServer and Crossdomain policy I'm trying to make a TCP connection using a flash application and I\"m running into a security issue. Usually, when connecting to a socket via flash over the web, I would include a crossdomain.xml file containing something like the following: <?xml version=\"1.0\" encoding=\"UTF-8\"?> <cross-domain-policy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"http://www.adobe.com/xml/schemas/PolicyFileSocket.xsd\"> <allow-access-from domain=\"*\" to-ports=\"*\" secure=\"false\" /> <site-control permitted-cross-domain-policies=\"master-only\" /> </cross-domain-policy> Is there a way to implement something like this with BioEra? Or, conversely, are there any plans to implement the new html5 web socket protocol using the java websocket api here? http://docs.oracle.com/javaee/7/tutorial/doc/websocket.htm Edit: Maybe a websocketserver that works similarly to the xmlnetsocketserver object?
jarek Joined: Oct 22, 2007 Posts: 1073	Posted: Jan 16, 2014 12:43 AM    Post subject: The security issue you are experiencing doesn't seem to be caused by BioEra. It appears like a limitation on Flash which is not able to connect to a normal socket server. The WebSocket is a higher level communication based on HTTP. So it looks like you are asking for a web server (rather than a socket server like with XmlSocketServer element), which would be of relatively limited use (even assuming it would be usable from Flash which we don't know). It is not impossible, but I doubt it will be added any time soon. The WebSocket is not even part of normal java distribution.
neuroguy Joined: Nov 15, 2013 Posts: 4	Posted: Jan 18, 2014 9:58 AM    Post subject: You're absolutely right that it's a limitation of flash and adobe's sandboxing. However, I implore you to look at creating an element that makes the data available for those applications. There are so many cool things that could come from it. Right now, programs served from the web can communicate in two ways -- sockets via a native browser api (websocket) or a workaround Through JavaScript (or flash or whatever) with the flash socket connection using a served security XML file. Currently with bioera, there seems to be no way to inject a server side cross domain file. With the open nature of bioera, don't you think that would open up some amazing possibilities? We could have applications based in JavaScript, served from the web, that receive streamed input from bioera on localhost. Web apps in the browser that can send events back to bioera. To me, it seems to be a logical step forward. For the flash workaround, it could be as simple as virtualizing a cross domain.xml file with the contents I provided along with the xmlserver element to make it work. Think of the possibilities!