you only need a crossdomain.xml file on server A if you are trying to access content on server A from server B, note NO crossdomain.xml is needed on server B in this case. If your SWF is served from server A and your content is all on server A, no crossdomain.xml file is necessary.
Another thing to note, you can build your channels by hand in AS and remove the reliance on remoting-config.xml http://coenraets.org/blog/2009/03/externalizing-service-configuration-using-blazeds-and-lcds/ this is one example of the code for this. Douglas Knudsen [email protected] On Sep 16, 2010, at 12:35 PM, Laurence MacNeill wrote: > On Thu, Sep 16, 2010 at 11:02 AM, Chris H <[email protected]> wrote: > Laurence, > > Thanks a lot for the prompt reply, suggestions and wishes. > > 1. In my Flex source code, I have in various files > > <mx:RemoteObject id="myServices" > destination="ColdFusion" > source="famous.connectors.mycfcfile" > showBusyCursor="true" > fault="Alert.show(event.fault.faultString, 'Error')"> > > Do I need to change the destination to SecureColdFusion in above code or if I > make the changes I mentioned in remoting-config.xml it will be sufficient? > Sorry, if my question is naive. > > > The destination in your RemoteObject is where it will send all ColdFusion > requests -- if that destination is named ABCXYZ123, it doesn't matter, as > long as that destination exists in your remoting-config.xml file and its > channel-ref is set to "my-cfamf-secure". So, whatever changes you decide to > make to your .xml files, just make sure that the destination name is set the > same in both your Flex program and the CF .xml files... > > The cool thing is -- if you want some of your CF requests to be secure, and > others not to be (because secure channels are usually slower), you simply > create two destinations in your remoting-config.xml file -- one that points > to my-cfamf and the other one that points to my-cfamf-secure. Then set the > destination in your Flex code accordingly... > > > > 2. Yes, I understand users have to use https://myprogram.com rather than > doing http://myprogram.com which I am doing on my development box. Is that > what you meant? > > Yes, exactly. Secure calls to CF won't work unless the whole thing is > secured via https: > > > > 4. How do I create a secure server-cert so that I can use it on the > development machine? I looked at > http://msdn.microsoft.com/en-us/library/ms751408.aspx and but don't have > Visual Studio installed so don't have the makecert.exe. I am using IIS 5.1 on > a Win XP Professional OS. > > I used WinServer 2003, with IIS 6, so I had all that stuff installed > already... Unfortunately I can't help you with IIS 5.1 and Win XP... I have > no experience with that... Maybe you can upgrade to IIS 6.0? I'm honestly > not sure if that would even solve the problem -- all I know is my WinServer > 2003 box came with IIS 6.0 installed, and had all the stuff I needed to make > a cert of my own... Then I had to add it to my trusted-certs store in each > of my browsers on each of the machines I use... Fun! (NOT!) > > > > 5. My FlexBuilder presently in Project Properties has Flex Compiler, Root URL > as http://127.0.0.1/myprogram. After the secure cert is installed, I have to > change it to https://127.0.0.1/famous/ or would any other changes be required > in the Flex Builder, Project Properties? > > All I did was change the http: to https: in mine... Didn't have to change > the folder, because I was using the same folder as I did when I was working > on the project without https: > > > One last thing I should mention -- you will have to create a cross-domain > policy file... crossdomain.xml It's different for each specific server > that you're going to be working with, so you can't use the same one from > server-to-server. (And your production server, if it's serving any other > Flash-related stuff, should already have one.) So you'll have to do a bit of > research to figure out how to set up your own crossdomain.xml file, if you > don't already have one... If you don't have a crossdomain.xml file in the > root of your web-server, Flash Player will refuse to load secure content, in > most cases... Or it will constantly give you "Do you trust this site?" > messages... Either way, not good. So lookup crossdomain.xml and start > reading. :-) > > > L. >
