unity  back to  


Get Unified

Unity Technote 00001: Policy Files Now Mandatory

Unity Customer Advisory: In April 2008, Adobe imposed new security restrictions on socket connections made by Flash Player. Starting with Flash Player 9.0.124.0, all socket connections made to Unity Multiuser Server require authorization via a socket policy file.

Effective immediately, all Unity Multiuser Server customers must configure Unity Multiuser Server to serve either a socket master policy file or a regular socket policy file.

Policy File Quick-Fix Instructions

Existing Unity Multiuser Server users can meet Flash Player 9.0.124.0's new policy-file requirement by following these steps:

  1. Upgrade to Unity Multiuser Server version 2.0.3.
  2. Configure Unity Multiuser Server 2.0.3 to serve a socket master policy file (system root access required).
Or:
  1. Upgrade to Unity Multiuser Server version 2.0.3.
  2. Configure Unity Multiuser Server 2.0.3 to serve a regular socket policy file.
  3. Configure your client application(s) to manually retrieve your socket policy file.

We recommend using a socket master policy file if:

We recommend using a regular socket policy file if:

Customers unfamiliar with Flash Player's policy file system are advised to read Technote 00005: Introduction to Flash Player Socket Policy Files before choosing a type of policy file. By default, Unity Multiuser Server 2.0.3 and higher is configured to serve a regular socket policy file over port 9102.

Instructions for customers who already serve policy files

Even if you already serve a policy file through Unity, you must still take the following action:

Legacy crossdomain.xml files

If you previously used a webroot-level crossdomain.xml file to authorize socket connections, you should leave it in place. Legacy versions of Flash Player will continue to require it when evaluating socket connections made by legacy .swf files.

Questions and troubleshooting

All questions regarding Unity policy file configuration should be posted to the unity-dev mailing list.

Once you have configured Unity to serve a policy file, you can test the effectiveness of that file by enabling Flash Player's policy-file-logging feature, as described under Using Logging in Adobe's article "Security changes in Flash Player 9".

To test whether Unity's Policy File Server is running properly on the intended port, use a terminal to telnet to the port, then send the string "<policy-file-request/>" followed by a null byte (ASCII 0). On Windows, the free software RealTerm can be used to connect and send the required message.

Further information

For complete coverage of all new security restrictions in Flash Player 9.0.124.0, see Adobe's article Security changes in Flash Player 9.

Revision history

April 5, 2008: Posted
April 11, 2008: Added link to RealTerm for testing.