Thanks ptw I will try to change my tomcat with ssl security for https and i will try.
On Tue, May 18, 2010 at 6:28 PM, P T Withington <[email protected]> wrote: > It sounds like Adobe have changed their policy to eliminate this insecure > configuration altogether. So it seems you will have to debug using HTTPS > for application and data. > > On 2010-05-18, at 08:44, jvvn murty wrote: > > > Thanks ptw > > > > still i am going to extend this discussion. By default in the > > crossdomain.xml file the secure="false" is there. But i am not able to > get > > it solved. Is there any way to do that? > > > > I gone through some information that > > "Flash SWF files served over HTTP (or other insecure protocols) are no > > longer allowed to access movies or data served over HTTPS. " > > > > > > On Tue, May 18, 2010 at 6:05 PM, P T Withington <[email protected]> wrote: > > > >> The adobe paper I referenced should explain all. I believe you have to > >> specify secure='false': > >> > >> *1.5.5 HTTP-HTTPS communications* > >> Example 1.6 demonstrates the most permissive use of allow-access-from > granting > >> any other domain access to the files on this target domain, even if an > HTTP > >> source is accessing data on this domain through HTTPS. It should be > obvious > >> that this practice is not recommended. > >> *Example 1.6: allow-access-from: Most permissive access* > >> <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM " > >> http://www.adobe.com/xml/dtds/cross-domain-policy.dtd";> > >> <cross-domain-policy> <allow-access-from domain="*" secure="false"/> > >> </cross-domain-policy> > >> > >> > >> On 2010-05-18, at 08:27, jvvn murty wrote: > >> > >> Thanks ptw, > >> > >> we are going to both in https. Presently its in dev phase. Once > >> everything is fine then we will put in prod with https only. > >> For now we have to test it in dev and local with app in http. > >> Can u please tell me what changes we have to do in crossdomain.xml to > >> comeout of this issue? > >> > >> On Tue, May 18, 2010 at 5:53 PM, P T Withington <[email protected]> wrote: > >> > >> Running the app in http and service in https is insecure. You can > permit > >> > >> it with crossdomain.xml, but you will have no security, since http app > can > >> > >> send https data to some other (unknown) server. This is why most > browsers > >> > >> issue a warning if you try to do this in HTML and why Flash does not > permit > >> > >> it by default. If you app is manipulating secure data, it is best if > the > >> > >> app and the data are from the same https server. > >> > >> > >> On 2010-05-18, at 08:10, jvvn murty wrote: > >> > >> > >> Hi ptw, > >> > >> > >> my application is running with http and the services api is running > >> > >> in > >> > >> https. > >> > >> Is it possible to work like this? or i have to change my application > >> > >> server to https? > >> > >> > >> is there any solution for the application in http and services in > >> > >> https? > >> > >> > >> > >> > >> On Tue, May 18, 2010 at 4:44 PM, P T Withington <[email protected]> wrote: > >> > >> > >> Are you fetching the app from the https server? It is not recommended > >> > >> that > >> > >> you permit a http app to access https data, although it can be done. To > >> > >> do > >> > >> so makes the use of https pointless. More information here: > >> > >> > >> > >> > >> > >> > http://learn.adobe.com/wiki/download/attachments/64389123/CrossDomain_PolicyFile_Specification.pdf?version=1 > >> > >> > >> On 2010-05-18, at 06:51, jvvn murty wrote: > >> > >> > >> Hi, > >> > >> > >> I tried to work with https service API's in dataset but iam not able to > >> > >> hit the dataset and its giving crossdomain.xml problem. > >> > >> > >> Is there any way to call the services with https ? > >> > >> > >> just this is my example: > >> > >> > >> <canvas proxied="false"> > >> > >> <script> > >> > >> var srcs="https:// test url"; > >> > >> </script> > >> > >> <dataset name="myDs" type="http" request="true" src="${srcs}"> > >> > >> <handler name="ondata"> > >> > >> Debug.write("test"+this.serialize()) > >> > >> </handler> > >> > >> </dataset> > >> > >> </canvas> > >> > >> > >> > >> > >> > >> > >> > >
