FileReference - crossdomain.xml - restrict access to all MY Flex application?
I have a Flex application based on the web (domain A) concerning must download files on the desktop of the user FROM an external server (domain B). I use Adobe FileReference class to do this. Now, I know that I need a file crossdomain.xml to the external server in domain B to establish trust between the Flex application and the server download. In the end, I need any user to any domain to have access on the server download for the cross-domain file must specify:
allow-access-from domain="*"
But this will open up acess to the downloadble files to any flex app out there on the web . Is there a way to restrict access to just MY Flex app in the
crossdomain.xml file?
thx in advance!
-MCWhy do you need any user to any domain access?
Anyone using your web application will be in area a. unless you count should the swf for others to download from their servers (which woiuld be strange)
the field is the place where its hosted
Tags: Flex
Similar Questions
-
How to restrict access to the service web application deployed on weblogic for user group only
I built the web service application in jdevelopler 11.1.1.7. Their security policy applied in the web service of the default Oracle policy which is (policy: Wssp1.2 - 2007-Https-UsernameToken - Plain.xml)
Now all want to access the web service application must provide the name of user and password in the header section of the SOAP request to meet the requirement of the policy.
the following steps I'm trying to restrict access to the application of web service with a specific group of users among users of weblogic:
Connect to the weblogic administration console
Create user or group of users
Click on the links of deployments
Select your web service
Click the Security tab
Click the sub-tab political
Choose your authorization provider in the menu drop-down (looks like by default)
Choose Add Conditions-> Group-> Type in the name of the Group
Finishing
But access is always available for all weblogic users (IE users not in the group specified in the above security configuration). How can I restrict access to only authorized group? Any thing lacking in my approach?
There is nothing wrong with the steps mentioned in the question. In addition, you must do the following
At the time of the application deployment with regard to the security part, there is a list in the title of the question (which security template you want to use with this application?)
You must select (Advanced: use a custom template that you have configured on the page of configuration of the Kingdom) a configuration mentioned in the question will be work
-
How to restrict access in EDITION of APEX Applications in the same workspace
Hello
I have a workspace that consist of several say application APPL1, APPL2, APPL3,... etc...
This workspace has access to several... say developers Developer1, Developer 2, etc...
How can we restrict access in EDITION of Applications for a particular user.
for exp.
Developer1 should be able to access/change only the APPL1 & the APPL2. He should not be able to modify APPL3.
same way... * Developer 2 * should be able to access/change only APPL3. He should not have editing access to APPL1 & APPL2.
Thank you
DeepakHello
I think that's not possible. At least I don't have to see how it could be done.
This is why there are work spaces. You must create a workspace clean to all applications for example.
Then of course there was maybe still problem with the analysis of access privileges to the schema if for example all 3 applications use the same scheme of analysis.
You must assign same pattern to all areas of work, and then all of the developers of the workspace that you can change database schema objects.BR, Jari
-
How to restrict access for all? Single user mode...
I do export/import Windows for Oracle schema objects. How to ensure that when I export in the database of migration no one else doesn't change the data. Is there a single user mode so that I can be sure the only connection when exporting?
Oracle 10g R2 on Windows Server.
Thank you
SmithPerhaps you are not familiar with the concept of multi version consistent reading.
No one can see that that is not validated and reading can never be blocked.
If you want a system where no one can see things kill their sessions and make a START RESTRICTING.
-
Just crossdomain.XML doesn't work do not
Hello
I have move my request to my Local computer problems to a development/TEST server for testing. My application uses c# Web Services to access data and a Flex front-end.
Here is the error I get (only on the development/TEST server):
An error occurred communicating with the server.
Error message: HTTP request error
Faul Code is: Server.Error.Request
Lack of detail is: error: [IOErrorEvent type = "ioError" bubbles = false cancelable = false eventPhase = 2 text = "Error #2032: stream error."] "URL: http://DOMAIN/APPLICATION/WebService.asmx" URL: WebService.asmx
Exactly the same configuration works on my local machine. I have a crossdomain.xml in place file that looks like this:
<? XML version = "1.0"? >
<! DOCTYPE cross-domain-policy (View Source for full doctype...) >
-cross-domain-policy >
< site permitted-cross-domain-policies of control = 'all' / >
< allow-access-from domain = "' * ' course ="fase"/ >"
"< allow-http-request-headers-from domain =" "*" headers = "*" course = "fase" / >
< / cross-domain-policy >
However, I don't think the crossdomain is actually necessary, because there is demand on the same domain and directory as the webServices. But, I added one anyway, because every google search seems to say that the HTTP request error: Server.Error.Request is a problem of crossdomain.xml.
Little, I thought it might be a permission error. However, I have the web page, run as an 'application' and user account for the application has permissions to the root directory and all it's children files/directories (so he can read the crossdomain.xml) and also the identity of the application has access to run all selects them.
Unfortunately I am running this on IIS6 on the machine of dev/TEST and IIS7 on my local machine. So I can't set up the failed request tracking to see if I can find the problem there.
Does anyone have any help that they can share? I spent the full day try everything I can think of to make it work with no will.
Any help would be greatly appreciated!
Thank you!!
-MikeIt turns out that the problem was that the Application Pool identity did not have access to the SQL DB do CRUD. I guess you should never be too sure of things. -= o /
-
How to restrict access to the drive of Wndows xp sp3?
I have 3 user account on my computer, it is has the administrator rights and the other is a standard user account.
I want to restrict access to all readers for the standard player.I used gpedit.msc to enable the administrative model, but it also limits the account admin and me to access the roadOS: windows XP SP3Please adviceHi Utkarsh.Ranjan,If you want to restrict access to a drive by using the Group Policy Editor, you can not apply for a particular user account. This will change for the user accounts.You can't restrict access to the complete transmission. However, you can resrtict access to folders and files inside a car to a particular user.Refer to the section "set, view, change, or remove special permissions for files and folders" in the following article and follow the steps to remove the authorization of the user access to the file/folder. -
How to restrict access to users?
Original title: ask the community
Hello
Operating system is Windows 7 Pro 64 bit.
Scenario:
Drive C is about 200 GB
D drive is 500 GB.
Want to keep the drive clutter free C, so I created folders for music, videos, etc. on my drive D. I downloads I need to restrict access to all users except those with administrator privileges. How can I do this?
Vijay.
I'm sorry that I didn't have this update. At the end of the day, it is quite simple.
Right-click on the folder, go to "share with"select"Nobody" selected "change sharing permissions."
Adds the user in the drop-down list just to be sure.
Tried to access the folder since the account other users & got an access denied message. If I clicked on continue after he asked my administrator/user password. It was good enough for me.
Vijay.
-
Access to all computers, Access Restriction stops
I put the time of access restriction for my son (we have a wireless access for all systems). I use MAC address on its systems. Xbox, Kindle Fire and his laptop.
The MAC address are Correct. Here's the problem:
I put the 'allow' and the time from 18:00 - 23:00 (all about the Christmas holidays) - the system works for awhile it is cut, as I'd like, but...
After a period of time, the whole House goes online. I have to restart put it on router e2000, then disable access restrictions. System works then. Problem is reproducible. What is the problem. I've updated the firmware already. Otherwise, the system works very well. Never dies. Just at the moment where I set access restricions for awhile he kills houese entiore. BTW I can totally deny him 24/7 and the system idsables access very well. It's just when I put a specific time. I am very frustrated.
Turning it off for an hour, did the trick. Don't know why, but its working now. Thanks for the tip.
-
Restriction of dblink need access to all objects
Hell of all;
I can't stop hr user, this user can access all objects in scott.
* I want to restrict the user hr. I want to settle hr user needs access only emp1 table and any other tables.
How can I do this?
the user is scott
SQL > create mvemp1 view materialized in select * from emp1.
the user is RH
SQL > create link1 link database to connect to scott identified by Tiger using 'orclprod ';
Database link created.
SQL > select DB_LINK, username user_db_links;
DB_LINK USERNAME
LINK1. REGRESS. RDBMS. DEV. US. ORACLE.COM SCOTT
SQL > select count (*) in the scott.emp@link1;
COUNT (*)
14SQL > select count (*) in the scott.samp@link1;
COUNT (*)
100SQL > select count (*) in the scott.salgrade@link1;
thanks in advance...
COUNT (*)
5969352 wrote:
SB... sorry I didn't.The ONLY way to "restrict" access is not given in the first place!
Some documents about restrictions
If/when you ever issue any GRANT, then access is not & cannot occur.
If/when the user has access & you want to deny access, and then REVOKE the previous GRANT. -
restricting access to a schema for all
What are the methods to restrict access to a particular schema obects?
My impression was always that all access to an application schema should only be given through roles. and it was as simple as turning off these roles to restrict access. but I get the impression now that disabling a role is at the user level only session...
the most popular direction.If it's just a backup to close applications, perhaps just looking for the opportunity to password protect the roles, as I mentioned in my original post. You could certainly password protect all the roles in the database with a password only you know (assuming, of course, none of the upgrade scripts rely on any of the roles or that the upgrade scripts are modified to activate the roles), and then remove the password when the upgrade is completed. This would be a relatively unique solution - I have not heard of someone who was particularly concerned that a request would be left inadvertently on and cause corruption of the information during a major database upgrade - application error if the schema definition is not what they want - but it would probably normally as possible. And it would be relatively easy to script.
Of course, you still have to deal with sessions that existed before your password protected the role, but who would usually point you in the direction of an application that had not yet been arrested.
Justin
-
Can someone tell me what's the use of crossdomain.xml? And how does it work? Where there should be the crossdomain.xml file is placed in the client side or the remote access server?
If you have a Flash movie in a field on a single server, you cannot access data on another domain. It is a safety precaution. In order to use the data from another domain, you must allow other data to share including a crossdomain.xml file in the second field. This crossdomain.xml file tells the flash player that the data from that second domain is OK to use.
There are a number of scenarios, explained in the first document that I listed above. You have a situation that is different from all these examples?
-
crossdomain.XML for subdirectory level
Hello
We must deploy crossdomain.xml on our Web server, but the host name remains the same across different Web sites.
How can we add restrictions to the sub-directoty (website1) level?
the URLS are like below, now how do I add striking restriction only for website1?
www.mysite.com/content/WebSite1/test.html
www.mysite.com/content/website2/test.html
www.mysite.com/content/website3/test.html
e, g,
<? XML version = "1.0"? >
<! DOCTYPE cross-domain-policySYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd" > ""
< cross-domain-policy >
"< allow-access-from domain ="www.mysite.com"safe ="false"/ >"
< allow-access-from domain = "mysite.com" safe = "false" / > "
< / cross-domain-policy
Thank you!
at the level of your root use crossdomain.xml:
http://www.Adobe.com/XML/DTDs/cross-domain-policy.DTD">
and in a subdirectory that you want to allow access, use crossdomain2.xml:
http://www.Macromedia.com/XML/DTDs/cross-domain-policy.DTD">
-
IOError in IE but not in Firefox (problem possible crossdomain.xml)
Yesterday I debugged If all goes well a problem that happens for our application in Internet Explorer but not in Firefox.
This has to do with access to remote content from a separate domain.
In all aspects, it SEEMS to be a problem of crossdomain.xml, but the fact that this arrises only problem in IE is what prompted me to post here.
We have a solution in progress (in the bureaucratically speaking), but I want to check here.
Our application is the field of "a.domain".
It access a file xml on 'b.domain/xml/ '.
And finally (this is the tricky part) it also accesses an xml file to "b.domain/forwardingPath/" which is actually transmitted to the 'c.domain/xml/ '.
The crossdomain.xml is located at "b.domain/crossdomain.xml".
The application of "b.domain/xml/anXMLFile.xml" works without any problem.
The demand for the 'b.domain/forwardingPath/anotherXMLFile.xml' exists in Firefox but not in IE (remember, ACTUAL demand is sent to "c.domain/xml/anotherXMLFile.xml").
In Internet Explorer, I get an IOError.
I think that we need a proper crossdomain.xml file, also located in the "c.domain/crossdomain.xml" and put in this request. I want to confirm is whether this interpretation is correct. I'm not at all a person on the server side. It's all of the elves and fairies for me. And then finally, why the hell is this inconsistent behavior between IE and Firefox? The version of flash player Firefox violates its own safety standards?
I swap this in the stack overflow. field-xml-issue http://StackOverflow.com/questions/7395931/ioError-in-IE-but-not-in-Firefox-possible-Cross
I have ping our developers on this subject and this is what they have to say:
"We did some work for the plugin around redirects andhence the correct behavior on Firefox.
As far as I KNOW, on IE we don't get the redirection messages and may not participate in the decision-making process of security during redirection scenarios. This behavior is beyond our control.
There is a workaround solution described in the AS3docs here: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/system/LoaderCont ext.html #checkPolicyFile
Here's the relevant paragraph:
Be careful with checkPolicyFile if you are downloading anobject from a URL that can use HTTP redirects on the server side. Arealways policy files comes from the corresponding initial URL that you specify inURLRequest.url. If the final object comes from a different URL because of the HTTPredirects, the initially downloaded policy files might not applicableto the of the object's final URL, which is the URL that matters in security decisions. If you are in this situation, you can examine the value of ofLoaderInfo.url after receiving an orEvent.COMPLETE ProgressEvent.PROGRESS event, which tells you the final URL of the object. Then call the method theSecurity.loadPolicyFile () with a URL based on the object URL policy file ' sfinal. Then query the value of LoaderInfo.childAllowsParent until it becomes true. »
Chris
-
HTTPService to localhost does not work in Flex4... Even with crossdomain.xml
So, it worked before I recompiled with Flex4, (in Flex 3.5) and now I can't get the following to work...
History:
I use httpservice in flex as:
"" < mx:HTTPService id = "methods" url = "http://localhost/parser.php"method = "POST" showBusyCursor = "true" resultFormat = "e4x" result ="xmlresultHandler (event)" fault = "faultHandler (event)" / > "
Everything is in my directory on my web server. When run in debugging or directly from flashbuilder, the call works fine. If I ran a release build, FTP in/var/www rejection (my roots) and try to access the server, the site pulls upward, and the series of swf files, but I always get a
Fault: Channel .Security .error
FaultString: 'error of security to access the url.
faultDetail: ' Destination: DefaultHTTP.
When it tries to read the httpservice.
I have a crossdomain.xml file in my folder/var/www (webroot) with what I see as a permissive super settings... Below:
<? XML version = "1.0"? >
<! DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd" > ""
< cross-domain-policy >
"< allow-access-from domain =" "*" ports = "*" / >
< site permitted-cross-domain-policies of control = 'all' / >
"< allow-http-request-headers-from domain =" "*" headers = "*" / >
< / cross-domain-policy >Any help would be GREATLY appreciated.
You may need to set the - use-network = false compiler option.
Project - Properties - Flex Compiler
Add the option - use-network = false for the ' additional compiler arguments: "section.
When deploying on a live server, you probably need to recompile it with the option - use-network = true.
Who knows, maybe in your situation, it must be set to true.
If this post answers your question or assistance, please mark it as such.
Greg Lafrance - Flex 2 and 3 certified ACE
www.ChikaraDev.com
Training Flex and Support Services
-
Good afternoon
I have a web app in flex 3 which, on a server "http://SRV-XXX:8181/relflex/main.html" and in the application, I reached by HTTPService " http://SRV-XXX:8181/SL_SISFLEX/slSRV05"(my Servlets).
When you access the site with 'http://SRV-XXX:8181/relflex/main.html' works normally, but when I "http://172.1.0.6:8181/relflex/main.html" does not work and error # 2048(mx.messaging.messages: errorMessage) # 0
body = (null)
clientId = "DirectHTTPChannel0".
correlationId = "0D499AD7-FE29-95E7-9B5A-B2062705750F."
destination = «»
extendedData = (null)
faultCode = "Channel.Security.Error".
faultDetail = "Destination: DefaultHTTP.
faultString = "error of security to access the url.
headers = (Object) # 1
DSStatusCode = 0
MessageId = "F4BCF095-DD0B-8739-5057-B2062734F478."
rootCause = (flash.events: SecurityErrorEvent) # 2
bubbles = false
cancelable = false
currentTarget = (flash.net: URLLoader) # 3
bytesLoaded = 0
bytesTotal = 0
data = (null)
dataFormat = "text".
eventPhase = 2
target = (flash.net: URLLoader) # 3
Text = "error # 2048: Violation of the safe area: http://172.1.0.6:8181/relflex/main.swf cannot load data from http://SRV-XXX:8181/SL_SISFLEX/slSRVXXX? db = relflex & parameterDataSource = % S 5FPOD USP.»
Type = "securityError".
timestamp = 0
timeToLive = 0I try to use the link in the crossdomain.xml as http://SRV-XXX:8181/relflex/crossdomain.xml:
<? XML version = "1.0"? >
<! DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd" > ""
< cross-domain-policy >
< site-control permit-cross_domain-policing = 'all' / >
< allow-access-from domain = "" * "ports =" * "/ >"
< allow-access-from domain = "srv - XXX" ports = "8181" / >
< allow-access-from domain = "172.1.0.6" to-ports = "8181" / >
< / cross-domain-policy >And in the application I'm call-> flash.system.Security.loadPolicyFile ("http://SRV-XXX:8181/relflex/crossdomain.xml");
You can help me to solve the problem of the call of 172.1.0.6:8181 and SRV - XXX:8181?
TKS!
Paulo David
If you can, try the default configuration where you put the crossdomain.xml file in the root and not the relflex subfolder.
Alex Harui
Flex SDK Developer
Adobe Systems Inc..
Maybe you are looking for
-
Download of firefox is completely free of Babylon?
I want to download Firefox for its functionality, but I saw the damage and problems caused by the research program of Babylon that piggybacks on a large number of download sites and invades the browser. Download of Firefox is your official site 1000%
-
Desktop HP ENVY - 750-150xt CT: Model HP ENVY Desktop - 750-150xt CTO - DVD and specifications
My new HP computer includes a "Ultra Slim tray SuperMulti DVD Burner", but I have been completely unable to find a model ID or plug on this unit. I did find a datasheet on the HP dvd940i device, but have no reason to believe that it is the device in
-
Satellite L850: Catalyst Control Center does not start
Hello, I have an AMD 7670 m dedicated graphics card and when I install the AMD display drivers downloaded from the toshiba site, the Catalyst control does not start and he also seem to have problems with the usb ports and my wireless stops working fo
-
Can I use a Satellite P840/019 keyboard in Satellite P840/00 s?
From what I understand a P840/019 has a backlit keyboard. I can buy this keyboard separately from http://store.emprgroup.com.au/c-41707-keyboard.aspx here My question is can I Exchange my p840/00s with the keyboard and the use of the backlight functi
-
original title: help with Movie Maker... I can't open videos or change with Movie Maker. Is it because I have a Sony Handycam? He said that there is a lack of "codec". Where can I install the missing codec from? Very frustrating because I've used it