||unity-dev|| testing Unity's policy file server

Discussion list for Unity developers. unity-dev at moock.org
Sat Apr 12 09:28:06 CDT 2008 

ok here's my deal.. I've not seen the crash in a couple u2 instances on my
servers with this patch. However, I cannot use this patch, so I've rolled it
back.

This is why:

I have several servers with more than a few U2 instances on the same IP, but
listening for the clients on different ports. Now, the easiest thing is to
not specify a port other than 843 for the security check.. why? because then
I'd have to mess around with port hopping to choose one available for EACH
instance.. and then, the client would have to make an swf code change to
load the policy file from THAT port explicitly.. PITA!

So.. I have expanded my custom solution of a standalone policy server for
EACH ip on 843, that serves up all the allowed domains and ports-to.. it's
the only way I can think of making it work, and easier to manage. Mind you,
this would mean that people can see what domains use a particular port-set
on my servers... so "technically" a breach of privacy but not really a
security threat.

Now a note to Gabriel -- are you SURE you placed the new jar in the correct
location?? the class not found error means to me that you either don't have
it in the right place, or, you have a path issue -- OR --- you perhaps have
a filename CASE issue? on unix, unity_optional.jar is NOT the same as
Unity_optional.jar, or unity_Optional.jar, etc... double check those..

-Jayson

On Fri, Apr 11, 2008 at 3:02 PM, Discussion list for Unity developers. <
unity-dev at moock.org> wrote:

> yup, that's all definitely true. (except for the stupid adobe part. as
> much as it's annoying, security is critical for flash player's success.
> just recently, usatoday.com was subject to a redirect attack that
> exploited flash player's old security model. if flash player gets a
> reputation for being insecure, the platform will die quickly.)
>
> jayson, have you tried the patch approach yet? for testing purposes,
> we'd like to get as many installations as possible with the patch
> approach while we work on the real fix.
>
> colin
>
>
> Discussion list for Unity developers. wrote:
> > fwiw, I took an old copy of Unity1 and simply modified the room
> dispatcher
> > to wait for the policy request, and then to send out the policy from a
> file
> > system file. ..this is working for me and a few clients right now
> without
> > issue.. the downside is that it's a second "application" to manage, and
> uses
> > up more resources than should be necessary.. but it works.. no restart
> of
> > the primary service or changes otherwise
> >
> > this could be done by any simple server created with any language
> running
> > along side U2 -- in java, vb or whatever.. it literally just has to
> accept
> > connections on port 843 (or whatever you want), and wait for the
> request,
> > and then send out the policy data and terminate the connection. In my
> case,
> > 843 worked easily enough with no code changes anywhere else whatsoever.
> >
> > stupid adobe.
> >
> >
> >
> > -Jayson
> >
> > On Fri, Apr 11, 2008 at 8:30 AM, Discussion list for Unity developers. <
> > unity-dev at moock.org> wrote:
> >
> >> HI all and thanks for all your replies and sorry for being so
> stressed...
> >>
> >> so here is the result of testing with realterm:
> >>
> >> each time i'm clicking on "open" button with mydomain.com:843, unity
> >> log.txt
> >> write the following:
> >>
> >>
> >> Exception in thread "Thread-5" java.lang.NoClassDefFoundError:
> >> org/moock/unity/core/ClientBufferedReader
> >>        at
> >>
> >>
> org.moock.unity.opt.policyserver.PolicyServer$Client.<init>(PolicyServer.java:122)
> >>        at
> >> org.moock.unity.opt.policyserver.PolicyServer.run(PolicyServer.java:85)
> >>        at java.lang.Thread.run(Unknown Source)
> >>
> >> i have 2.0.2 release running for theses tests...
> >>
> >> Regards
> >>
> >> Gabriel
> >>
> >> ----- Original Message -----
> >> From: "Discussion list for Unity developers." <unity-dev at moock.org>
> >> To: <unity-dev at moock.org>
> >> Sent: Friday, April 11, 2008 8:17 AM
> >> Subject: ||unity-dev|| testing Unity's policy file server
> >>
> >>
> >>> a quick note for those troubleshooting unity's policy file server.
> >>>
> >>> To test whether the Policy File Server is running properly on the
> >>> intended port, use a terminal to telnet to the port, then send the
> >>> string "<policy-file-request/>" followed by a null byte (ASCII 0). On
> >>> Windows, the free software RealTerm (http://realterm.sourceforge.net)
> >>> can be used to connect and send the required message.
> >>>
> >>> Steps for testing with RealTerm:
> >>> 1) on the Display tab, check "Half Duplex"
> >>> 2) on the Port tab, in the port pulldown, enter your domain and port
> in
> >>> the following format:
> >>>
> >>> yourdomain.com:nnn
> >>>
> >>> (where nnn is your port)
> >>> 3) Click "Open"
> >>> 4) on the Send tab, in the first pulldown menu to the left of "Send
> >>> Numbers", enter <policy-file-request/>
> >>> 5) click Send ASCII
> >>> 6) click the "0" button
> >>>
> >>> if the policy file server is working properly, you should see the
> >>> contents of your policy.xml file appear in the terminal window.
> >>>
> >>> colin
> >>>
> >>> --
> >>> you're a unity-dev subscriber. to unsubscribe, visit
> >>> www.moock.org/mailman/listinfo/unity-dev/
> >>>
> >>> superb hosting for this list and moock.org is generously provided by
> >>> Rackspace. See: http://www.rackspace.com/?supbid=moock
> >>>
> >>>
> >>
> >>
> >> --
> >> you're a unity-dev subscriber. to unsubscribe, visit
> >> www.moock.org/mailman/listinfo/unity-dev/
> >>
> >> superb hosting for this list and moock.org is generously provided by
> >> Rackspace. See: http://www.rackspace.com/?supbid=moock
> >>
> > --
> > you're a unity-dev subscriber. to unsubscribe, visit
> www.moock.org/mailman/listinfo/unity-dev/
> >
> > superb hosting for this list and moock.org is generously provided by
> Rackspace. See: http://www.rackspace.com/?supbid=moock
> --
> you're a unity-dev subscriber. to unsubscribe, visit
> www.moock.org/mailman/listinfo/unity-dev/
>
> superb hosting for this list and moock.org is generously provided by
> Rackspace. See: http://www.rackspace.com/?supbid=moock
>

More information about the unity-dev mailing list