Discussion list for Unity developers.
unity-dev at moock.org
Thu Apr 10 11:10:09 CDT 2008
hi david, actually, even applying the fixes described in Adobe's article won't fully fix the problem. Unity users will have to update their software also, as described here: http://moock.org/unity/technotes/00001.html we now have a short-term fix for the issue. i'll post it in a few minutes. colin Discussion list for Unity developers. wrote: > Here, please go through this document, it should detail the changes, how to > find what's wrong, and how to fix: > > http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_update.html > > In particular this section: > http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_update.html#socket_policy > > -David R > > On Thu, Apr 10, 2008 at 8:39 AM, Discussion list for Unity developers. < > unity-dev at moock.org> wrote: > >> Hi again >> >> after checking my apache log files, it appears that my room is not >> chekcing >> for the crossdomain.xml anymore...on the other hand, with another computer >> using older version of the player, the room will load the >> crossdomain.xml... >> >> are there any policy changes i would have been missing ? >> >> Thanks for your help.... >> >> Gabriel >> >> ----- Original Message ----- >> From: "Discussion list for Unity developers." <unity-dev at moock.org> >> To: <unity-dev at moock.org> >> Sent: Wednesday, March 26, 2008 7:36 PM >> Subject: Re: ||unity-dev|| Unity server sending policy files too fast >> >> >>> update: we are implementing the fix now, and will release it as part of >>> our April update. >>> >>> colin >>> >>> Discussion list for Unity developers. wrote: >>>> hi david, >>>> what you are witnessing is a Flash Player architectural bug that rarely >>>> surfaces, but is a known bug nonetheless. >>>> >>>> here's an excerpt from my discussion with the Flash Player engineer >>>> responsible for implementing the policy file feature: >>>> >>>> "In public docs also, I [the engineer] suggested that, in separate >>>> mode, whenever the server received a connection on the policy file >> port, >>>> it could immediately send the policy file and close the connection. I >>>> won't bore you with the horrible low-level TCP / Berkeley socket API / >>>> winsock details, but it turns out that this advice was wrong. If the >>>> server first sends and closes, then receives the >> <policy-file-request/>, >>>> things can go bad and the player can end up never seeing the policy >>>> file. The results are intermittent because of race conditions. >>>> >>>> The fix, which should be applied in Unity, is that, even in separate >>>> mode, the server should always wait for <policy-file-request/> before >>>> replying with a policy file." >>>> >>>> I'll talk to Derek about implementing the suggested fix. shouldn't be a >>>> lot of work. we can send you a custom build offlist. >>>> >>>> colin >>>> >>>> >>>> >>>> Discussion list for Unity developers. wrote: >>>>> Hi, >>>>> >>>>> I'm having trouble when unity is on the same local network as the >> flash >>>>> client. I used a packet sniffer to watch the traffic, and it looks >> like >>>>> unity is sending the policy file BEFORE flash is sending the request. >>>>> >>>>> Eg, the data happens in this order: >>>>> >>>>> >From Server: <cross-domain-policy><allow-access-from domain="*" >>>>>> to-ports="9100,9101,9102" /></cross-domain-policy>. >>>>>> From Client: <policy-file-request/>. >>>>>> >>>>> Then, I notice in my policyfiles.txt log (output by the debug flash >>>>> player): >>>>> >>>>>> Error: Failed to load policy file from xmlsocket://192.168.1.91:9102 >>>>>> >>>>> So it seems that flash will ignore the policy file if it is sent >> before >>>>> the >>>>> request? The problem seems intermittent, sometimes it works fine. So >> is >>>>> it >>>>> possible the policy server could be made to wait for the request >> before >>>>> replying? >>>>> >>>>> Thanks, >>>>> David R >>>>> -- >>>>> you're a unity-dev subscriber. to unsubscribe, visit >>>>> www.moock.org/mailman/listinfo/unity-dev/ >>>>> >>>>> superb hosting for this list and moock.org is generously provided by >>>>> Rackspace. See: http://www.rackspace.com/?supbid=moock >>>> -- >>>> you're a unity-dev subscriber. to unsubscribe, visit >>>> www.moock.org/mailman/listinfo/unity-dev/ >>>> >>>> superb hosting for this list and moock.org is generously provided by >>>> Rackspace. See: http://www.rackspace.com/?supbid=moock >>> -- >>> you're a unity-dev subscriber. to unsubscribe, visit >>> www.moock.org/mailman/listinfo/unity-dev/ >>> >>> superb hosting for this list and moock.org is generously provided by >>> Rackspace. See: http://www.rackspace.com/?supbid=moock >>> >>> >> >> >> -- >> you're a unity-dev subscriber. to unsubscribe, visit >> www.moock.org/mailman/listinfo/unity-dev/ >> >> superb hosting for this list and moock.org is generously provided by >> Rackspace. See: http://www.rackspace.com/?supbid=moock >> > -- > you're a unity-dev subscriber. to unsubscribe, visit www.moock.org/mailman/listinfo/unity-dev/ > > superb hosting for this list and moock.org is generously provided by Rackspace. See: http://www.rackspace.com/?supbid=moock