I absolutely agree with all of you. We'll get it locked up tight - once we get it working. I don't have direct access to the server so I'm working with several people resolving the issue.
I'll post back once we get it fixed with the resolution (it may help someone else having the same issue). Thanks again! Dawn On Thu, Mar 25, 2010 at 2:18 PM, Douglas Knudsen <[email protected]>wrote: > couldn't agree more with Dean here, lock that thing up. > > http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html > <http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html>This > is a good ref on the topic. > > Also, I'd get Service Capture and verify that your SWF is indeed loading > the proper crossdomain.xml file as well as other traffic. > > Douglas Knudsen > [email protected] > > > > On Mar 25, 2010, at 11:41 AM, Dean H. Saxe wrote: > > FYI, opening up the cross domain policy to all sites is > doubleplusungood. (Sorry for the 1984 reference!) Lock it down to > the specific sites which need cross domain access, no more. > > -dhs > > -- > Dean H. Saxe > "A true conservationist is a person who knows that the world is not > given by his fathers, but borrowed from his children." -- John James > Audubon > > > > On Thu, Mar 25, 2010 at 7:39 AM, Robert Lash <[email protected]> wrote: > > Have you tested this with one domain or a static domain address? > > You might want to try that first to isolate the issues. > > > I actually never got a crossdomain policy to work with the "*" all settings > > but was successful with static domain names. > > Robert Lash > > > > On Wed, Mar 24, 2010 at 4:05 PM, Dawn Hoagland <[email protected]> > > wrote: > > > Background: > > We are running ColdFusion8 in a multi-server configuration under IIS. We > > have an application where we are attempting to allow our customer access > > through a proxy server. The domain of our internal server (for discussion > > sake) is dev.company1.org. The domain they are coming from is > > test.company2.com. > > > We receive the following error: > > Channel.Security.Error error Error #2048: Security sandbox violation: > > https://test.company2.com/system/app/bin/index.swf cannot load data from > > https://dev.company1.org/flex2gateway/. url: > > 'https://dev.company1.org/flex2gateway/' > > > All of my searches point to needing to add a crossdomain.xml policy file. > > I've created one (see below) that should allow any connection and placed it > > at the web root. > > > Am I missing something completely? > > > ----- begin crossdomain.xml ----- > > <?xml version="1.0" encoding="UTF-8"?> > > <!DOCTYPE cross-domain-policy SYSTEM > > "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd";> > > <cross-domain-policy> > > <allow-access-from domain="*" secure="false" /> > > <allow-http-request-headers-from domain="*" headers="*" secure="false" > > /> > > </cross-domain-policy> > > ---- end crossdomain.xml --- > > > Thanks! > > > Dawn > > > > > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > ------------------------------------------------------------- > > > > >
