||unity-dev|| testing Unity's policy file server

Discussion list for Unity developers. unity-dev at moock.org
Sat Apr 12 16:13:12 CDT 2008 

hi jayson,
if we allow you to specify a separate policy port and policy.xml file 
for each individual IP on a specific machine, will that solve your problem?

e.g.,
ip 1.1.1.1: port 843, file p1.xml
ip 2.2.2.2: port 843, file p2.xml
ip 3.3.3.3: port 9102, file p3.xml

colin

Discussion list for Unity developers. wrote:
> ok here's my deal.. I've not seen the crash in a couple u2 instances on my
> servers with this patch. However, I cannot use this patch, so I've rolled it
> back.
> 
> This is why:
> 
> I have several servers with more than a few U2 instances on the same IP, but
> listening for the clients on different ports. Now, the easiest thing is to
> not specify a port other than 843 for the security check.. why? because then
> I'd have to mess around with port hopping to choose one available for EACH
> instance.. and then, the client would have to make an swf code change to
> load the policy file from THAT port explicitly.. PITA!
> 
> So.. I have expanded my custom solution of a standalone policy server for
> EACH ip on 843, that serves up all the allowed domains and ports-to.. it's
> the only way I can think of making it work, and easier to manage. Mind you,
> this would mean that people can see what domains use a particular port-set
> on my servers... so "technically" a breach of privacy but not really a
> security threat.
> 
> Now a note to Gabriel -- are you SURE you placed the new jar in the correct
> location?? the class not found error means to me that you either don't have
> it in the right place, or, you have a path issue -- OR --- you perhaps have
> a filename CASE issue? on unix, unity_optional.jar is NOT the same as
> Unity_optional.jar, or unity_Optional.jar, etc... double check those..
> 
> -Jayson
> 
> On Fri, Apr 11, 2008 at 3:02 PM, Discussion list for Unity developers. <
> unity-dev at moock.org> wrote:
> 
>> yup, that's all definitely true. (except for the stupid adobe part. as
>> much as it's annoying, security is critical for flash player's success.
>> just recently, usatoday.com was subject to a redirect attack that
>> exploited flash player's old security model. if flash player gets a
>> reputation for being insecure, the platform will die quickly.)
>>
>> jayson, have you tried the patch approach yet? for testing purposes,
>> we'd like to get as many installations as possible with the patch
>> approach while we work on the real fix.
>>
>> colin
>>
>>
>> Discussion list for Unity developers. wrote:
>>> fwiw, I took an old copy of Unity1 and simply modified the room
>> dispatcher
>>> to wait for the policy request, and then to send out the policy from a
>> file
>>> system file. ..this is working for me and a few clients right now
>> without
>>> issue.. the downside is that it's a second "application" to manage, and
>> uses
>>> up more resources than should be necessary.. but it works.. no restart
>> of
>>> the primary service or changes otherwise
>>>
>>> this could be done by any simple server created with any language
>> running
>>> along side U2 -- in java, vb or whatever.. it literally just has to
>> accept
>>> connections on port 843 (or whatever you want), and wait for the
>> request,
>>> and then send out the policy data and terminate the connection. In my
>> case,
>>> 843 worked easily enough with no code changes anywhere else whatsoever.
>>>
>>> stupid adobe.
>>>
>>>
>>>
>>> -Jayson
>>>
>>> On Fri, Apr 11, 2008 at 8:30 AM, Discussion list for Unity developers. <
>>> unity-dev at moock.org> wrote:
>>>
>>>> HI all and thanks for all your replies and sorry for being so
>> stressed...
>>>> so here is the result of testing with realterm:
>>>>
>>>> each time i'm clicking on "open" button with mydomain.com:843, unity
>>>> log.txt
>>>> write the following:
>>>>
>>>>
>>>> Exception in thread "Thread-5" java.lang.NoClassDefFoundError:
>>>> org/moock/unity/core/ClientBufferedReader
>>>>        at
>>>>
>>>>
>> org.moock.unity.opt.policyserver.PolicyServer$Client.<init>(PolicyServer.java:122)
>>>>        at
>>>> org.moock.unity.opt.policyserver.PolicyServer.run(PolicyServer.java:85)
>>>>        at java.lang.Thread.run(Unknown Source)
>>>>
>>>> i have 2.0.2 release running for theses tests...
>>>>
>>>> Regards
>>>>
>>>> Gabriel
>>>>
>>>> ----- Original Message -----
>>>> From: "Discussion list for Unity developers." <unity-dev at moock.org>
>>>> To: <unity-dev at moock.org>
>>>> Sent: Friday, April 11, 2008 8:17 AM
>>>> Subject: ||unity-dev|| testing Unity's policy file server
>>>>
>>>>
>>>>> a quick note for those troubleshooting unity's policy file server.
>>>>>
>>>>> To test whether the Policy File Server is running properly on the
>>>>> intended port, use a terminal to telnet to the port, then send the
>>>>> string "<policy-file-request/>" followed by a null byte (ASCII 0). On
>>>>> Windows, the free software RealTerm (http://realterm.sourceforge.net)
>>>>> can be used to connect and send the required message.
>>>>>
>>>>> Steps for testing with RealTerm:
>>>>> 1) on the Display tab, check "Half Duplex"
>>>>> 2) on the Port tab, in the port pulldown, enter your domain and port
>> in
>>>>> the following format:
>>>>>
>>>>> yourdomain.com:nnn
>>>>>
>>>>> (where nnn is your port)
>>>>> 3) Click "Open"
>>>>> 4) on the Send tab, in the first pulldown menu to the left of "Send
>>>>> Numbers", enter <policy-file-request/>
>>>>> 5) click Send ASCII
>>>>> 6) click the "0" button
>>>>>
>>>>> if the policy file server is working properly, you should see the
>>>>> contents of your policy.xml file appear in the terminal window.
>>>>>
>>>>> colin
>>>>>
>>>>> --
>>>>> you're a unity-dev subscriber. to unsubscribe, visit
>>>>> www.moock.org/mailman/listinfo/unity-dev/
>>>>>
>>>>> superb hosting for this list and moock.org is generously provided by
>>>>> Rackspace. See: http://www.rackspace.com/?supbid=moock
>>>>>
>>>>>
>>>>
>>>> --
>>>> you're a unity-dev subscriber. to unsubscribe, visit
>>>> www.moock.org/mailman/listinfo/unity-dev/
>>>>
>>>> superb hosting for this list and moock.org is generously provided by
>>>> Rackspace. See: http://www.rackspace.com/?supbid=moock
>>>>
>>> --
>>> you're a unity-dev subscriber. to unsubscribe, visit
>> www.moock.org/mailman/listinfo/unity-dev/
>>> superb hosting for this list and moock.org is generously provided by
>> Rackspace. See: http://www.rackspace.com/?supbid=moock
>> --
>> you're a unity-dev subscriber. to unsubscribe, visit
>> www.moock.org/mailman/listinfo/unity-dev/
>>
>> superb hosting for this list and moock.org is generously provided by
>> Rackspace. See: http://www.rackspace.com/?supbid=moock
>>
> --
> you're a unity-dev subscriber. to unsubscribe, visit www.moock.org/mailman/listinfo/unity-dev/
> 
> superb hosting for this list and moock.org is generously provided by Rackspace. See: http://www.rackspace.com/?supbid=moock

More information about the unity-dev mailing list