Saturday, January 05, 2008

Security Sandbox Violation w/ localhost Connections

If you've ever developed a SWF locally which is only trying to access localhost, you've probably been frustrated by the sandbox violation errors that come up. I wondered how the Flex Builder IDE was able to run SWFs and have them create sockets to localhost without getting the same errors. I created a small test called SocketSandboxError.as that simply tries to make a socket connection to localhost and I launched it using Flash Player 9.

SocketSandboxError.as

    package
    {
        import flash.display.Sprite;
        import flash.net.Socket;

        public class SocketSandboxError extends Sprite
        {
            private var _connection:Socket;

            public function SocketSandboxError()
            {
                // No SecurityErrorEvent/IOErrorEvent listeners are registered,
                // so a failed connect surfaces as an unhandled error (#2044).
                _connection = new Socket();
                _connection.connect("localhost", 8080);
            }
        }
    }

Predictably the first result is the sandbox error you know and love:

    Error #2044: Unhandled SecurityErrorEvent:. text=Error #2048: Security sandbox violation: file:///C|/Stuff/FlashTest/src/SocketSandboxError.swf cannot load data from localhost:8080.
        at SocketSandboxError$iinit()

I then used FileMon to see what files were being touched and found C:\Documents and Settings\username\Application Data\Flash Player\#Security\FlashPlayerTrust\flexbuilder.cfg. Here you can add directories or specific SWFs that basically get full trust and can access network resources and such; obviously something you only want to utilize while developing locally. I added the directory containing SocketSandboxError.as: C:\Stuff\FlashTest\src.

After making this change and re-running the application I got this different error:

    Error #2044: Unhandled IOErrorEvent:. text=Error #2031: Socket Error.
        at SocketSandboxError$iinit()

Success! This means Flash is actually trying to make the connection, but unless you have something listening on that port (8080 in this example, which I don't) this error will occur.

Update @ 24 JAN 2008: Any file you put in the C:\Documents and Settings\user.name\Application Data\Macromedia\Flash Player\#Security\FlashPlayerTrust\ folder seems to be parsed. I'm planning on using this fact as a "debug" feature of Obrunski, e.g. before launching the SWF it will create/overwrite obrunski.cfg with the current SWF's full path as the only entry.
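Because a directory entry trusts every SWF under it and every file in the FlashPlayerTrust folder seems to be parsed, it helps to see exactly what is trusted and to keep debug entries as narrow as one SWF. The Python below is an added example, not code from this post or from Obrunski: it audits a trust folder and writes a single-SWF trust file, assuming the format is one path per line with `#` starting a comment; the function names and the sample folder contents are constructed.

```python
import tempfile
from pathlib import Path, PureWindowsPath

def parse_trust_file(text):
    """Path entries of a trust file. Assumed format: one path per line, '#' comments."""
    lines = (line.strip() for line in text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]

def classify(entry):
    """How much an entry trusts: a single 'file', a 'directory' tree, or a 'drive-root'."""
    p = PureWindowsPath(entry)
    if p.suffix.lower() == ".swf":
        return "file"
    if p.anchor and p == PureWindowsPath(p.anchor):
        return "drive-root"
    return "directory"

def audit_trust_dir(trust_dir):
    """(file name, entry, kind) for every entry. The post observes that any file in
    the folder seems to be parsed, so this does not filter on the .cfg extension."""
    findings = []
    for f in sorted(Path(trust_dir).iterdir()):
        if f.is_file():
            text = f.read_text(encoding="utf-8-sig", errors="replace")
            findings += [(f.name, e, classify(e)) for e in parse_trust_file(text)]
    return findings

def write_single_swf_trust(trust_dir, cfg_name, swf_path):
    """Create or overwrite cfg_name so that its only entry is one SWF's full path."""
    if classify(swf_path) != "file":
        raise ValueError("refusing to trust anything broader than a single SWF")
    Path(trust_dir, cfg_name).write_text(swf_path + "\n", encoding="utf-8")

def demo():
    """Audit a constructed trust folder built in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample: the directory entry from the post plus a drive root.
        Path(d, "flexbuilder.cfg").write_text(
            "# constructed sample\nC:\\Stuff\\FlashTest\\src\n\nD:\\\n", encoding="utf-8")
        write_single_swf_trust(d, "obrunski.cfg",
                               r"C:\Stuff\FlashTest\src\SocketSandboxError.swf")
        return audit_trust_dir(d)

if __name__ == "__main__":
    for name, entry, kind in demo():
        print(f"{kind:<10} {name}: {entry}")
```

Anything reported as `directory` or `drive-root` on a machine that is no longer used for local development is worth removing.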
