Thanks for the prompt reply and suggestion. I will try to get the cross domain.xml file of the production server and need to figure out how to create one for my development server.
Would this http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html be a good starting point for knowing about the cross domain policy file which can help a newbie like me come to speed or there are other better links? Thanks for the wishes, advice and your time. ________________________________ From: Laurence MacNeill <[email protected]> To: [email protected] Sent: Thu, September 16, 2010 2:52:44 PM Subject: Re: [AFFUG Discuss] newbie question: creating a release build and moving files to production If the production server is currently hosting secure Flash content, then it almost certainly has a crossdomain.xml file - which would be a good thing to look at, because you're going to need a crossdomain.xml file for your development server when you install a security cert there. Good luck! Security is not a fun thing to deal with -- I don't envy you your task. L. On Sep 16, 2010 2:47 PM, "Chris H" <[email protected]> wrote: > Thanks Laurence, > > > > > 1. In my Flex source code, I have in various files >> >><mx:RemoteObject id="myServices" >> destination="ColdFusion" >> source="famous.connectors.mycfcfile" >> showBusyCursor="true" >> fault="Alert.show(event.fault.faultString, 'Error')"> >> >> >>Do I need to change the destination to SecureColdFusion in above code or if I >>make the changes I mentioned in remoting-config.xml it will be sufficient? >>Sorry, if my question is naive. >> >> > > > The destination in your RemoteObject is where it will send all ColdFusion > requests -- if that destination is named ABCXYZ123, it doesn't matter, as > long > as that destination exists in your remoting-config.xml file and its > channel-ref > > is set to "my-cfamf-secure". So, whatever changes you decide to make to your > .xml files, just make sure that the destination name is set the same in both > your Flex program and the CF .xml files... > > Thanks for clarifying, so I what I thought needs to be done is fortunately > correct. > > > > The cool thing is -- if you want some of your CF requests to be secure, and > others not to be (because secure channels are usually slower), you simply >create > > two destinations in your remoting-config.xml file -- one that points to >my-cfamf > > and the other one that points to my-cfamf-secure. Then set the destination > in > your Flex code accordingly... > > Thanks, I did not know that could be done. > > > > >> >>4. How do I create a secure server-cert so that I can use it on the >>development > >>machine? I looked at http://msdn.microsoft.com/en-us/library/ms751408.aspx >>and >>but don't have Visual Studio installed so don't have the makecert.exe. I am >>using IIS 5.1 on a Win XP Professional OS. >> > > I used WinServer 2003, with IIS 6, so I had all that stuff installed > already... > > Unfortunately I can't help you with IIS 5.1 and Win XP... I have no > experience > > with that... Maybe you can upgrade to IIS 6.0? I'm honestly not sure if > that > would even solve the problem -- all I know is my WinServer 2003 box came with > IIS 6.0 installed, and had all the stuff I needed to make a cert of my own... > Then I had to add it to my trusted-certs store in each of my browsers on each >of > > the machines I use... Fun! (NOT!) > > I saw a link http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html and > have to try it out. Hope it works fine. > > > > > > One last thing I should mention -- you will have to create a cross-domain >policy > > file... crossdomain.xml It's different for each specific server that >you're > > going to be working with, so you can't use the same one from > server-to-server. > (And your production server, if it's serving any other Flash-related stuff, > should already have one.) So you'll have to do a bit of research to figure > out > > how to set up your own crossdomain.xml file, if you don't already have one... > If you don't have a crossdomain.xml file in the root of your web-server, > Flash > Player will refuse to load secure content, in most cases... Or it will > constantly give you "Do you trust this site?" messages... Either way, not > good. So lookup crossdomain.xml and start reading. :-) > > The production server currently is hosting the earlier version of this > project > as secure content. Can I assume I should be OK? > > > Thank you for your time and advice. > > > > > > ------------------------------------------------------------- > To unsubscribe from this list, simply email the list with unsubscribe in the >subject line > > For more info, see http://www.affug.com > Archive @ http://www.mail-archive.com/discussion%40affug.com/ > List hosted by http://www.fusionlink.com > ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, simply email the list with unsubscribe in the subject line For more info, see http://www.affug.com Archive @ http://www.mail-archive.com/discussion%40affug.com/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
