||unity-dev|| testing Unity's policy file server

Discussion list for Unity developers. unity-dev at moock.org
Sat Apr 12 12:56:07 CDT 2008 

ok thanks...i took the original files included in unity and paths are 
separated by ":"...

still have the same result with real term: it can connect but error message 
in unity logs on connection, and no results when sending policy file request

Thanks

Gabriel


----- Original Message ----- 
From: "Discussion list for Unity developers." <unity-dev at moock.org>
To: <unity-dev at moock.org>
Sent: Saturday, April 12, 2008 6:34 PM
Subject: Re: ||unity-dev|| testing Unity's policy file server


> the paths should be separated by a semi-colon, not a colon, as far as I 
> know
> even on unix...
> java -cp
> lib/unity_optional.jar;lib/xerces.jar;lib/xml-apis.jar;lib/unity_core.jar;ib/log4j.jar;lib/jdom.jar
> -Dlog4j.configuration=file:ss.lcf org.moock.unity.core.Unity start
>
> that would explain the problem as far as I'm concerned!
>
> On Sat, Apr 12, 2008 at 10:43 AM, Discussion list for Unity developers. <
> unity-dev at moock.org> wrote:
>
>> and here is the startserver.sh :
>>
>> #!/bin/sh
>> java -cp
>>
>> lib/unity_optional.jar:lib/xerces.jar:lib/xml-apis.jar:lib/unity_core.jar:lib/log4j.jar:lib/jdom.jar
>>  -Dlog4j.configuration=file:ss.lcf org.moock.unity.core.Unity start &
>>
>> is that correct ?
>>
>> Thx
>>
>> Gabriel
>> ----- Original Message -----
>> From: "Discussion list for Unity developers." <unity-dev at moock.org>
>> To: <unity-dev at moock.org>
>> Sent: Saturday, April 12, 2008 4:28 PM
>> Subject: Re: ||unity-dev|| testing Unity's policy file server
>>
>>
>> > ok here's my deal.. I've not seen the crash in a couple u2 instances on
>> my
>> > servers with this patch. However, I cannot use this patch, so I've
>> rolled
>> > it
>> > back.
>> >
>> > This is why:
>> >
>> > I have several servers with more than a few U2 instances on the same 
>> > IP,
>> > but
>> > listening for the clients on different ports. Now, the easiest thing is
>> to
>> > not specify a port other than 843 for the security check.. why? because
>> > then
>> > I'd have to mess around with port hopping to choose one available for
>> EACH
>> > instance.. and then, the client would have to make an swf code change 
>> > to
>> > load the policy file from THAT port explicitly.. PITA!
>> >
>> > So.. I have expanded my custom solution of a standalone policy server
>> for
>> > EACH ip on 843, that serves up all the allowed domains and ports-to..
>> it's
>> > the only way I can think of making it work, and easier to manage. Mind
>> > you,
>> > this would mean that people can see what domains use a particular
>> port-set
>> > on my servers... so "technically" a breach of privacy but not really a
>> > security threat.
>> >
>> > Now a note to Gabriel -- are you SURE you placed the new jar in the
>> > correct
>> > location?? the class not found error means to me that you either don't
>> > have
>> > it in the right place, or, you have a path issue -- OR --- you perhaps
>> > have
>> > a filename CASE issue? on unix, unity_optional.jar is NOT the same as
>> > Unity_optional.jar, or unity_Optional.jar, etc... double check those..
>> >
>> > -Jayson
>> >
>> > On Fri, Apr 11, 2008 at 3:02 PM, Discussion list for Unity developers. 
>> > <
>> > unity-dev at moock.org> wrote:
>> >
>> >> yup, that's all definitely true. (except for the stupid adobe part. as
>> >> much as it's annoying, security is critical for flash player's 
>> >> success.
>> >> just recently, usatoday.com was subject to a redirect attack that
>> >> exploited flash player's old security model. if flash player gets a
>> >> reputation for being insecure, the platform will die quickly.)
>> >>
>> >> jayson, have you tried the patch approach yet? for testing purposes,
>> >> we'd like to get as many installations as possible with the patch
>> >> approach while we work on the real fix.
>> >>
>> >> colin
>> >>
>> >>
>> >> Discussion list for Unity developers. wrote:
>> >> > fwiw, I took an old copy of Unity1 and simply modified the room
>> >> dispatcher
>> >> > to wait for the policy request, and then to send out the policy from
>> a
>> >> file
>> >> > system file. ..this is working for me and a few clients right now
>> >> without
>> >> > issue.. the downside is that it's a second "application" to manage,
>> and
>> >> uses
>> >> > up more resources than should be necessary.. but it works.. no
>> restart
>> >> of
>> >> > the primary service or changes otherwise
>> >> >
>> >> > this could be done by any simple server created with any language
>> >> running
>> >> > along side U2 -- in java, vb or whatever.. it literally just has to
>> >> accept
>> >> > connections on port 843 (or whatever you want), and wait for the
>> >> request,
>> >> > and then send out the policy data and terminate the connection. In 
>> >> > my
>> >> case,
>> >> > 843 worked easily enough with no code changes anywhere else
>> whatsoever.
>> >> >
>> >> > stupid adobe.
>> >> >
>> >> >
>> >> >
>> >> > -Jayson
>> >> >
>> >> > On Fri, Apr 11, 2008 at 8:30 AM, Discussion list for Unity
>> developers.
>> >> > <
>> >> > unity-dev at moock.org> wrote:
>> >> >
>> >> >> HI all and thanks for all your replies and sorry for being so
>> >> stressed...
>> >> >>
>> >> >> so here is the result of testing with realterm:
>> >> >>
>> >> >> each time i'm clicking on "open" button with mydomain.com:843, 
>> >> >> unity
>> >> >> log.txt
>> >> >> write the following:
>> >> >>
>> >> >>
>> >> >> Exception in thread "Thread-5" java.lang.NoClassDefFoundError:
>> >> >> org/moock/unity/core/ClientBufferedReader
>> >> >>        at
>> >> >>
>> >> >>
>> >>
>> org.moock.unity.opt.policyserver.PolicyServer$Client.<init>(PolicyServer.java:122)
>> >> >>        at
>> >> >>
>> org.moock.unity.opt.policyserver.PolicyServer.run(PolicyServer.java:85)
>> >> >>        at java.lang.Thread.run(Unknown Source)
>> >> >>
>> >> >> i have 2.0.2 release running for theses tests...
>> >> >>
>> >> >> Regards
>> >> >>
>> >> >> Gabriel
>> >> >>
>> >> >> ----- Original Message -----
>> >> >> From: "Discussion list for Unity developers." <unity-dev at moock.org>
>> >> >> To: <unity-dev at moock.org>
>> >> >> Sent: Friday, April 11, 2008 8:17 AM
>> >> >> Subject: ||unity-dev|| testing Unity's policy file server
>> >> >>
>> >> >>
>> >> >>> a quick note for those troubleshooting unity's policy file server.
>> >> >>>
>> >> >>> To test whether the Policy File Server is running properly on the
>> >> >>> intended port, use a terminal to telnet to the port, then send the
>> >> >>> string "<policy-file-request/>" followed by a null byte (ASCII 0).
>> On
>> >> >>> Windows, the free software RealTerm (
>> http://realterm.sourceforge.net)
>> >> >>> can be used to connect and send the required message.
>> >> >>>
>> >> >>> Steps for testing with RealTerm:
>> >> >>> 1) on the Display tab, check "Half Duplex"
>> >> >>> 2) on the Port tab, in the port pulldown, enter your domain and
>> port
>> >> in
>> >> >>> the following format:
>> >> >>>
>> >> >>> yourdomain.com:nnn
>> >> >>>
>> >> >>> (where nnn is your port)
>> >> >>> 3) Click "Open"
>> >> >>> 4) on the Send tab, in the first pulldown menu to the left of 
>> >> >>> "Send
>> >> >>> Numbers", enter <policy-file-request/>
>> >> >>> 5) click Send ASCII
>> >> >>> 6) click the "0" button
>> >> >>>
>> >> >>> if the policy file server is working properly, you should see the
>> >> >>> contents of your policy.xml file appear in the terminal window.
>> >> >>>
>> >> >>> colin
>> >> >>>
>> >> >>> --
>> >> >>> you're a unity-dev subscriber. to unsubscribe, visit
>> >> >>> www.moock.org/mailman/listinfo/unity-dev/
>> >> >>>
>> >> >>> superb hosting for this list and moock.org is generously provided
>> by
>> >> >>> Rackspace. See: http://www.rackspace.com/?supbid=moock
>> >> >>>
>> >> >>>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> you're a unity-dev subscriber. to unsubscribe, visit
>> >> >> www.moock.org/mailman/listinfo/unity-dev/
>> >> >>
>> >> >> superb hosting for this list and moock.org is generously provided 
>> >> >> by
>> >> >> Rackspace. See: http://www.rackspace.com/?supbid=moock
>> >> >>
>> >> > --
>> >> > you're a unity-dev subscriber. to unsubscribe, visit
>> >> www.moock.org/mailman/listinfo/unity-dev/
>> >> >
>> >> > superb hosting for this list and moock.org is generously provided by
>> >> Rackspace. See: http://www.rackspace.com/?supbid=moock
>> >> --
>> >> you're a unity-dev subscriber. to unsubscribe, visit
>> >> www.moock.org/mailman/listinfo/unity-dev/
>> >>
>> >> superb hosting for this list and moock.org is generously provided by
>> >> Rackspace. See: http://www.rackspace.com/?supbid=moock
>> >>
>> > --
>> > you're a unity-dev subscriber. to unsubscribe, visit
>> > www.moock.org/mailman/listinfo/unity-dev/
>> >
>> > superb hosting for this list and moock.org is generously provided by
>> > Rackspace. See: http://www.rackspace.com/?supbid=moock
>> >
>> >
>>
>>
>>
>> --
>> you're a unity-dev subscriber. to unsubscribe, visit
>> www.moock.org/mailman/listinfo/unity-dev/
>>
>> superb hosting for this list and moock.org is generously provided by
>> Rackspace. See: http://www.rackspace.com/?supbid=moock
>>
> --
> you're a unity-dev subscriber. to unsubscribe, visit 
> www.moock.org/mailman/listinfo/unity-dev/
>
> superb hosting for this list and moock.org is generously provided by 
> Rackspace. See: http://www.rackspace.com/?supbid=moock
>
>

More information about the unity-dev mailing list