Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to deal with FlexSocket security sandbox conflicts

2025-04-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Share

Shulou(Shulou.com)06/02 Report--

Editor to share with you how to deal with FlexSocket security sandbox conflicts, I believe most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's learn about it!

FlexSocket Security Sandbox conflict and its solution

This is one of the widely reviled features of FP, and its design is terrible. Adobe seems to think that 9 seconds is a short time for users.

1. Poor design may cause users to waste 9 seconds

When FlexSocket connects to SocketServer, javaSocket, c++Socket, or others will first open a Socket port 843 to connect to the host to request a security policy file, which takes 3 seconds. If this step is not successful, it depends on whether the developer has explicitly called Security.loadPolicyFileAPI, as follows

Security.loadPolicyFile ("xmlsocket://127.0.0.1:1843")

If so, try loading policy data from this port again for another 3 seconds. If OK fails in this step, try to load the security policy again from the FlexSocket host port defined by the developer, and a request will be sent:

If the SocketServer does not process the request, the client will not be able to complete the FlexSocket connection further. The process takes another 3 seconds. If the software is not designed properly, the client will waste 9 seconds to know if it has a Server connection license, which is a bit expensive. If the FP successfully loads the security policy data, it discards the socket used (even if requested from the host port), and then executes the developer's socket connection logic.

2. Reasonable scheme, realized by java

Open a single port 843 on the SocketServer side to provide security policy files specifically to the client. The sample code for java is as follows:

Packagesban.socketServer; importjava.io.BufferedInputStream; importjava.io.BufferedReader; importjava.io.File; importjava.io.FileInputStream; importjava.io.IOException; importjava.io.InputStreamReader; importjava.io.PrintWriter; importjava.net.InetSocketAddress; importjava.net.ServerSocket; importjava.net.Socket; importjava.net.SocketAddress; importjava.net.URL / * sbanpolicyserverforflex/flashsocket * * @ authorsban * * / publicclassSbanSocketPolicyServer {publicSbanSocketPolicyServer () {} publicstaticStringreadFileAsString (Stringurl) throwsjava.io.IOException {byte [] buffer=newbyte [(int) newFile (url). Length ()]; BufferedInputStreamf=newBufferedInputStream (newFileInputStream (url)); f.read (buffer); f.close (); returnnewString (buffer);} publicstaticvoidmain (String [] args) throwsIOException {ServerSocketserver=newServerSocket () SocketAddressendpoint=newInetSocketAddress (127.0.0.1); server.bind (endpoint); Stringpath=SbanSocketPolicyServer.class.getResource (".. /.. / crossdomain.xml"). GetPath (); System.out.println (path); Stringpolicy=readFileAsString (path); while (true) {System.out.println ("waitforclient..."); Socketsocket=server.accept (); BufferedReaderin=newBufferedReader (newInputStreamReader (socket.getInputStream ()); PrintWriterout=newPrintWriter (socket.getOutputStream () Strings=in.readLine (); System.out.println (s); if (s.indexOf ("policy-file-request") >-1) {out.print (policy+'\ 0'); out.flush (); in.close (); out.close (); System.out.println ("sendedpolicycontext."); socket.close ();}

The sample code for the crossdomain.xml file is:

Place the crossdomain.xml file with the execution file

3, you can borrow the jar execution file

Sban exports the above java as an jar executable:

SbanSocketPolicyServer.zip5.8KB

Under Windows, make sure that the java environment is installed, set the environment variables, and execute the following command in the command line window:

Java-jarSbanSocketPolicyServer.jar

Note: this java program is not optimized and is only used as a tutorial example and is not recommended for use in commercial projects.

These are all the contents of the article "how to deal with FlexSocket Security Sandbox conflicts". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Development

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report