FlashSocket 통신 보안 전략

1、    

       flash   html   ,     ,swf        socket  。Flash       :
securityErrorHandler  : [SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048"]

                           ,        。         。

2.    :

           Flash player 9.0.124.0, flash     socket     ,         crossdomain.xml  。                     。

  flash  socket       

             flash  socket                843  ,  Crossdomain.xml  ,         843   ,flashPlayer        swf         Security.loadPolicyFile        Crossdomain.xml,                swf               。           ,          。

       Flash player      ?

                      。   Flash Player     urlRequest http      xmlsocket socket  ,             。                    。      ,            http                    ,     socket         socket           。

              :
      http  ——》Security.loadPolicyFile("http://www.xxx.com/crossdomain.xml")
      socket xmlsocket  ——》Security.loadPolicyFile("xmlsocket://www.xxx.com:port")

   Socke      Flash Player

      Flash Player   socket.connect("domain",port)    ,               socket    843   (  Adobe             843   Flash Player )        "<policy-file-request/>",               843             ,    XML             。(                "\0")

            843          。  Flash Player   843       ,          Flash                ,            。           http  ,   xmlsocket  。(            xmlsocket  ,             )。      1234       Flash       Security.loadPolicyFile(“xmlsocket://www.xxx.com:1234”),               socket.connect  。

            ,     socket          。       socket.connect("192.168.1.100",8888),                "<policy-file-request/>"   ,                xml       。

         (   Flash CS3     Flash Player   ——》         )

1、  web       

              ,          *.iflashigame.com   192.0.34.166   SWF   。

<?xml version="1.0"?>
<!-- URL (HTTP) policy file: each allow-access-from entry names an origin whose
     SWF files may read data from this server. -->
<cross-domain-policy>
    <!-- Wildcard entry: SWFs served from any subdomain of iflashigame.com are allowed.
         Every host under that domain is therefore trusted with this server's data. -->
    <allow-access-from domain="*.iflashigame.com" />
    <!-- IP-literal entry: allows SWFs loaded from this address.
         NOTE(review): presumably matches only when the SWF URL uses the IP form, not a
         hostname resolving to it; confirm against the Flash Player policy-file docs. -->
    <allow-access-from domain="192.0.34.166" />
</cross-domain-policy>

    :
           ,          crossdomain.xml,              。  ,SWF          Security.loadPolicyFile()                    。                          。  ,                 ,                            。

                         。  ,   https://www.adobe.com:8080/crossdomain.xml              8080    HTTPS   www.adobe.com          。

2、  Socket     

<!-- Socket policy file: to-ports limits which TCP ports on this host a SWF from the
     named domain may connect to. It accepts a single port, a comma list, a range, or "*". -->
<cross-domain-policy>
   <!-- domain="*" lets a SWF served from ANY origin connect to port 507. Use it only for
        services that are safe to expose to every website a user might visit. -->
   <allow-access-from domain="*" to-ports="507" />
   <!-- Any subdomain of example.com: ports 507 and 516 only. -->
   <allow-access-from domain="*.example.com" to-ports="507,516" />
   <!-- Any subdomain of example2.com: the port range 516 through 523. -->
   <allow-access-from domain="*.example2.com" to-ports="516-523" />
   <!-- One exact host: port 507 plus the range 516-523. -->
   <allow-access-from domain="www.example2.com" to-ports="507,516-523" />
   <!-- to-ports="*" opens every port on this host to SWFs from www.example3.com;
        prefer listing the specific ports the service actually uses. -->
   <allow-access-from domain="www.example3.com" to-ports="*" />
</cross-domain-policy>

                         。

    

flash xmlsocket policy   
Policy file changes in Flash Player 9
Setting up a socket policy file server
Understanding Flash Player 9 April 2008 Security Update compatibility

       Java      

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.ServerSocket;
import java.net.Socket;

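/**
 * Minimal Flash socket policy server.
 *
 * <p>Listens on TCP port 843, reads one NUL-terminated request per connection and,
 * when the request contains {@code <policy-file-request/>}, replies with the
 * cross-domain policy XML followed by a NUL byte.
 *
 * <p>Connections are served one at a time on a single thread, so every client is
 * given a read timeout and a bounded request size. Without those limits one idle or
 * oversized connection would stall or exhaust the server for all other clients.
 */
public class SecurityXMLServer implements Runnable {

   /** The request token Flash Player sends when asking for a socket policy. */
   private static final String POLICY_REQUEST = "<policy-file-request/>";

   /** Maximum characters accepted from one client; the real request is 22 characters. */
   private static final int MAX_REQUEST_CHARS = 256;

   /** How long a client may stay silent before its connection is dropped, in milliseconds. */
   private static final int CLIENT_TIMEOUT_MS = 5000;

   private ServerSocket server;
   private String xml;

   /**
    * Builds the policy text, binds port 843 and starts the accept loop on a new thread.
    * The process exits with status 1 if the port cannot be bound.
    */
   public SecurityXMLServer()
   {
     // The policy is inlined below; `path` is only echoed to the console.
     String path = "policyfile    ";
     // SECURITY: domain="*" with to-ports="1025-9999" lets a SWF served from ANY origin
     // open sockets to every port in that range on this host. Narrow both attributes to
     // the domain(s) hosting the SWF and the exact port(s) of the service before deploying.
     xml="<cross-domain-policy> "
        +"<allow-access-from domain=\"*\" to-ports=\"1025-9999\"/>"
     +"</cross-domain-policy> ";
     System.out.println("policyfile    : " + path);
     System.out.println(xml);

     // 843 is the port Flash Player probes first for a socket policy file.
     createServerSocket(843);
     new Thread(this).start();
   }

   /**
    * Opens the listening socket; reports the cause and exits the process on failure.
    *
    * @param port TCP port to listen on
    */
   private void createServerSocket(int port)
   {
     try {
       server = new ServerSocket(port);
       System.out.println("      :" + port);
     } catch (IOException e) {
       // Say why startup failed (port in use, insufficient privilege for a port < 1024, ...).
       System.err.println("cannot listen on port " + port + ": " + e);
       System.exit(1);
     }
   }

   /**
    * Accept loop: serves one client at a time until the server socket is closed.
    * A failure on one connection is reported and the loop continues with the next client.
    */
   @Override
   public void run()
   {
     while (!server.isClosed()) {
       // try-with-resources closes the client socket on every path, including errors.
       try (Socket client = server.accept()) {
         // Bound how long a silent client can hold the single serving thread.
         client.setSoTimeout(CLIENT_TIMEOUT_MS);

         BufferedReader reader = new BufferedReader(
             new InputStreamReader(client.getInputStream(), "UTF-8"));
         BufferedWriter writer = new BufferedWriter(
             new OutputStreamWriter(client.getOutputStream(), "UTF-8"));

         String info = readRequest(reader);
         // The request is attacker-controlled: mask control characters so it cannot
         // forge or break up console log lines.
         System.out.println("     : " + info.replaceAll("\\p{Cntrl}", "?"));

         if (info.contains(POLICY_REQUEST))
         {
           // Flash Player expects the policy to be terminated by a NUL byte.
           writer.write(xml + "\0");
           writer.flush();
           System.out.println("          : " + client.getInetAddress());
         }
         else
         {
           writer.write("      \0");
           writer.flush();
           System.out.println("      : " + client.getInetAddress());
         }
       } catch (IOException e) {
         // Includes SocketTimeoutException for clients that never finish their request.
         e.printStackTrace();
       }
     }
   }

   /**
    * Reads characters up to the first NUL, end of stream, or {@link #MAX_REQUEST_CHARS},
    * whichever comes first.
    *
    * @param reader character stream of the connected client
    * @return the characters read, without the terminating NUL
    * @throws IOException if the read fails or times out
    */
   private static String readRequest(BufferedReader reader) throws IOException
   {
     StringBuilder data = new StringBuilder();
     int c;
     while (data.length() < MAX_REQUEST_CHARS
         && (c = reader.read()) != -1
         && c != '\0')
     {
       data.append((char) c);
     }
     return data.toString();
   }

   /** Program entry point: starts the policy server. */
   public static void main(String[] args)
   {
     new SecurityXMLServer();
   }
}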
