unity

Unity Technote 00001: Policy Files Now Mandatory

Unity Customer Advisory: In April 2008, Adobe imposed new security restrictions on socket connections made by Flash Player. Starting with Flash Player 9.0.124.0, all socket connections made to Unity Multiuser Server require authorization via a socket policy file.

Effective immediately, all Unity Multiuser Server customers must configure Unity Multiuser Server to serve either a socket master policy file or a regular socket policy file.

Policy File Quick-Fix Instructions

Existing Unity Multiuser Server users can meet Flash Player 9.0.124.0's new policy-file requirement by following these steps:

1. Upgrade to Unity Multiuser Server version 2.0.3.
2. Configure Unity Multiuser Server 2.0.3 to serve a socket master policy file (system root access required).

1. Upgrade to Unity Multiuser Server version 2.0.3.
2. Configure Unity Multiuser Server 2.0.3 to serve a regular socket policy file.
3. Configure your client application(s) to manually retrieve your socket policy file.

We recommend using a socket master policy file if:

• you have root access to your server
• you prefer to manage your server's authorized hosts and ports centrally

We recommend using a regular socket policy file if:

• you do not have root access to your server
• you prefer to let each application individually determine its own authorized hosts and ports

Customers unfamiliar with Flash Player's policy file system are advised to read Technote 00005: Introduction to Flash Player Socket Policy Files before choosing a type of policy file. By default, Unity Multiuser Server 2.0.3 and higher is configured to serve a regular socket policy file over port 9102.

Instructions for customers who already serve policy files

Even if you already serve a policy file through Unity, you must still take the following action:

• Ensure that your policy file includes the host on which you are running Unity in an <allow-access-from> tag.
• Update your software to Unity Multiuser Server 2.0.3. Version 2.0.3 includes a bug fix that eliminates an intermittent problem related to policy file retrieval.

Legacy crossdomain.xml files

Questions and troubleshooting

All questions regarding Unity policy file configuration should be posted to the unity-dev mailing list.

Once you have configured Unity to serve a policy file, you can test the effectiveness of that file by enabling Flash Player's policy-file-logging feature, as described under Using Logging in Adobe's article "Security changes in Flash Player 9".

To test whether Unity's Policy File Server is running properly on the intended port, use a terminal to telnet to the port, then send the string "<policy-file-request/>" followed by a null byte (ASCII 0). On Windows, the free software RealTerm can be used to connect and send the required message.

Further information

For complete coverage of all new security restrictions in Flash Player 9.0.124.0, see Adobe's article Security changes in Flash Player 9.

Revision history

April 5, 2008: Posted
April 11, 2008: Added link to RealTerm for testing.