English 中文(简体)
as3 sandbox security violation with http://schemas.xmlsoap.org/soap/encoding/
原标题:

I implemented a gSoap c++ webservice-server to be accessed by Flash (as3) Everything runs smooth as long as i test the .swf locally, the .wsdl is loaded fine, and the communication works, even with the server running on an external ip already.

But the moment i put that .swf online - its coming up with sandbox security violations crying about the standard - schemas like that:

Error: [strict] Ignoring policy file at http://schemas.xmlsoap.org/crossdomain.xml 
due to incorrect syntax.  See http://www.adobe.com/go/strict_policy_files to fix this 
problem.

*** Security Sandbox Violation ***
Connection to http://schemas.xmlsoap.org/soap/encoding/ halted - not permitted from 
http://mydomain.com/main.swf
Error: Request for resource at http://schemas.xmlsoap.org/soap/encoding/ by requestor  
from http://mydomain.com/main.swf is denied due to lack of policy file 
permissions.

Can somebody help me with that problem ?

Or is there maybe a good way to define one simple webservice-method (like stringResult = command (stringSessionId, stringCommand, stringParams, stringResult)) without loading the .wsdl - file ? If i had that possibility i wouldnt have to stumble about that sandbox - stuff.

Any help appreciated.

最佳回答

Thanks for the comments. The real problem here is, that the gSoap - generated wsdl - file tries to "access" these domains all over the place, so that crossdomain - stuff is out of my hands. Anyway i solved the issue now by writing the wsdl by hand without all that wsdl gsoap mega bloating, so its just accessing the w3c.* domains and they ARE obviously crossdomained right.

问题回答

Crossdomain policy file is absent. It should be at this location. You are able to load wsdl from your local machine, because your sandbox is local trusted (i.e. most convenient sandbox). So currently I can t see any way to accomplish this in flash unless there is crossdomain policy file at the desired location.
But you can try Server Side Proxy Method for loading the wsdl.

Flash doesn t allow loading content from domains other than the one where your SWF is hosted unless those domains allow you to do it. Remote domains can choose to allow SWFs in your domain to load content from them using a crossdomain.xml policy file hosted at their web root.

Here are some sample policy files : YouTube, Twitter. Check the Adobe link on policy files to know more.

The error message "ignoring due to incorrect syntax" indicates that the policy file is present there but not well formed or has some syntax errors. But I cannot find anything at http://schemas.xmlsoap.org/crossdomain.xml.

Where is your web service hosted? What are you trying to load from http://schemas.xmlsoap.org/soap/encoding/?





相关问题
Signed executables under Linux

For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...

MALICIOUS_CODE EI_EXPOSE_REP Medium

I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...

XSS on jsbin.com

Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...

Make md5 strong

Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...

Why running a service as Local System is bad on windows?

I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...

Brute-force/DoS prevention in PHP [closed]

I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...

热门标签