« Adobe needs solid Flash/Flex developers | Main | Cool March Madness Mashup Contest -- Flex Entries Needed »
March 10, 2008
Please review the Flash Player Security article
Does your Flex app rely on a crossdomain file anywhere? Are you using sockets? Do you call out to JavaScript? If any of these hold, please make sure to review the Player 9 Security Update article which explains some upcoming changes that you may need to take into consideration. We try not to break existing content, but in this case there may be some changes you'll need to make, primarily in your crossdomain settings.
Read the article for more info.
Posted by mchotin at March 10, 2008 04:46 PM
Trackback Pings
TrackBack URL for this entry:
http://weblogs.macromedia.com/mtadmin/mt-tb.cgi/9301
Comments
> the hosting HTML by any means
Does this "HTML" include XML?
Does this mean *.html, *.xml, *.cfm, *.php, *.jsp and so on??
Posted by: Shigeru at March 11, 2008 12:03 AM
I figured out "the hosting HTML by any means", sorry. Remove my comments. thanks
Posted by: Shigeru at March 11, 2008 12:09 AM
I recall reading the security articles back when they were published for the Flash Player version 9,0,115,0. It seemed to me that a socket policy file would be loaded from only port 843, but then if specified connect on a different port. It seems like Adobe has backed down from this now? It looks like I can load the socket policy file now from any port on my domain, is that true?
Posted by: Mark Haliday at March 11, 2008 07:02 AM
It appears to try both 843 and the selected port.
The order of attempts is unspecified, and I'm certainly running into cases where 843 socket fails, the desired port works, but it seems to prevent the socket anyway. (but only on our live server, not in staging ones. And only for the embedded, not for the standalone .swf)
Posted by: MobiusKlein at March 13, 2008 12:14 PM