OEM Security Policy Violation

Hi,
There are thousands of policy violation in my OEM page. Some are very old. I would like to clear those violations. Can somebody help me out.
Also, what is the difference between suppressing the violations and clearing them.
Can a script be written to clear the violations on a regular basis ??
Help would be much appreciated.

I have Grid Control...my oracle version is 10.2.0.4..
I followed the steps..
Target home page > Policy violations > Current > Violation Count
Clicked the link which took me to "policy violation details"
This is what i have learnt sofar...It seems we can manually clear the policy violation logs which are older enough, rahter than waiting for the Default Evaluation to take place....
I would like to know how it could be done...

Similar Messages

Oracle Security : what do you think about the following policy violation ?

If you install OEM10, you will be able to see if you violate some security guidelines :
Interresting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...
Take care about the failed login attempts. If you set it to 10 to the default profile, and if your DBSNMP password is NOT the default password, then Oracle will lock your account after node discovery!
In Solaris, you can disable execution of the user stack with the system parameters set noexec_user_stack=1
set noexec_user_stack_log=1. I did not find how to do it on AIX. However, those settings may have side effects.
About the ports, it complains about open ports, even if this is the port oracle listener is using! Simply ignore most of the violations there.
About JAccelerator (NCOMP), it is located on the "companion" CD.
Ok, Waiting for your feedback
Regards
Laurent
[High]      Critical Patch Advisories for Oracle Homes     Configuration     Host     Checks Oracle Homes for missing critical patches
[High]      Insufficient Number of Control Files     Configuration     Database     Checks for use of a single control file
[High]      Open ports     Security     Host     Check for open ports
[High]      Remote OS role     Security     Database     Check for insecure authentication of remote users (remote OS role)
[High]      EXECUTE UTL_FILE privileges to PUBLIC     Security     Database     Test for PUBLIC having EXECUTE privilege on the UTIL_FILE package
[High]      Listener direct administration     Security     Listener     Ensure that listeners cannot be administered directly
[High]      Remote OS authentication     Security     Database     Check for insecure authentication of remote users (remote OS authentication)
[High]      Listener password     Security     Listener     Test for password-protected listeners
[High]      HTTP Server Access Logging     Security     HTTP Server     Check that HTTP Server access logging is enabled
[High]      Web Cache Access Logging     Security     Web Cache     Check that Web Cache access logging is enabled
[High]      Web Cache Dummy wallet     Security     Web Cache     Check that dummy wallet is not used for production SSL load.
[High]      HTTP Server Dummy wallet     Security     HTTP Server     Check that dummy wallet is not used for production SSL load.
[High]      Web Cache owner and setuid bit'     Security     Web Cache     Check that webcached binary is not owned by root and setuid is not set
[High]      HTTP Server Owner and setuid bit     Security     HTTP Server     Check the httpd binary is not owned by root and setuid bit is not set.
[High]      HTTP Server Directory Indexing     Security     HTTP Server     Check that Directory Indexing is disabled on this HTTP Server
[High]      Insufficient Redo Log Size     Storage     Database     Checks for redo log files less than 1 Mb
[Medium]      Insufficient Number of Redo Logs     Configuration     Database     Checks for use of less than three redo logs
[Medium]      Invalid Objects     Objects     Database     Checks for invalid objects
[Medium]      Insecure services     Security     Host     Check for insecure services
[Medium]      DBSNMP privileges     Security     Database     Check that DBSNMP account has sufficient privileges to conduct all security tests
[Medium]      Remote password file     Security     Database     Check for insecure authentication of remote users (remote password file)
[Medium]      Default passwords     Security     Database     Test for known accounts having default passwords
[Medium]      Unlimited login attempts     Security     Database     Check for limits on the number of failed logging attempts
[Medium]      Web Cache Writable files     Security     Web Cache     Check that there are no group or world writable files in the Document Root directory.
[Medium]      HTTP Server Writable files     Security     HTTP Server     Check that there are no group or world writable files in the Document Root directory
[Medium]      Excessive PUBLIC EXECUTE privileges     Security     Database     Check for PUBLIC having EXECUTE privileges on powerful packages
[Medium]      SYSTEM privileges to PUBLIC     Security     Database     Check for SYSTEM privileges granted to PUBLIC
[Medium]      Well-known accounts     Security     Database     Test for accessibility of well-known accounts
[Medium]      Execute Stack     Security     Host     Check for OS config parameter which enables execution of code on the user stack
[Medium]      Use of Unlimited Autoextension     Storage     Database     Checks for tablespaces with at least one datafile whose size is unlimited
[Informational]      Force Logging Disabled     Configuration     Database     When Data Guard Broker is being used, checks primary database for disabled force logging
[Informational]      Not Using Spfile     Configuration     Database     Checks for spfile not being used
[Informational]      Use of Non-Standard Initialization Parameters     Configuration     Database     Checks for use of non-standard initialization parameters
[Informational]      Flash Recovery Area Location Not Set     Configuration     Database     Checks for flash recovery area not set
[Informational]      Installation of JAccelerator (NCOMP)     Installation     Database     Checks for installation of JAccelerator (NCOMP) that improves Java Virtual Machine performance by running natively compiled (NCOMP) classes
[Informational]      Listener logging status     Security     Listener     Test for logging status of listener instances
[Informational]      Non-uniform Default Extent Size     Storage     Database     Checks for tablespaces with non-uniform default extent size
[Informational]      Not Using Undo Space Management     Storage     Database     Checks for undo space management not being used
[Informational]      Users with Permanent Tablespace as Temporary Tablespace     Storage     Database     Checks for users using a permanent tablespace as the temporary tablespace
[Informational]      Rollback in SYSTEM Tablespace     Storage     Database     Checks for rollback segments in SYSTEM tablespace
[Informational]      Non-System Data Segments in System Tablespaces     Storage     Database     Checks for data segments owned by non-system users located in tablespaces SYSTEM and SYSAUX
[Informational]      Users with System Tablespace as Default Tablespace     Storage     Database     Checks for non-system users using SYSTEM or SYSAUX as the default tablespace
[Informational]      Dictionary Managed Tablespaces     Storage     Database     Checks for dictionary managed tablespaces (other than SYSTEM and SYSAUX)
[Informational]      Tablespaces Containing Rollback and Data Segments     Storage     Database     Checks for tablespaces containing both rollback (other than SYSTEM) and data segments
[Informational]      Segments with Extent Growth Policy Violation     Storage     Database     Checks for segments in dictionary managed tablespaces (other than SYSTEM and SYSAUX) having irregular extent sizes and/or non-zero Percent Increase settings

Interresting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...Okay, as this is (I think) aimed at me, I'll fall for it ;)
What is the point of revoking UTL_FILE from PUBLIC? Yes I know what you think the point is, but without rights on an Oracle DIRECTORY being able to execute UTL_FILE is useless. Unless of course you're still using the init.ora parameter
UTL_FILE_DIR=*which I sincerely hope you're not.
As for UTL_SMTP and UTL_TCP, I think whether a program is allowed to send e-mail to a given SMTP server is really in the remit of the e-mail adminstrator rather than the DBA.
Look, DBAs are kings of their realm and can set their own rules. The rest of us have to live with them. A couple of years ago I worked a project where I was not allowed access to the USER_DUMP_DEST directory. So every time I generated a TRC file I had to phone up the DBA and a couple of hours later I got an e-mail with an attachment. Secure yes, but not very productive when I was trying to debug a Row Level Security implementation.
I have worked on both sides of the DBA/Developer fence and I understand both sides of the argument. I think it is important for developers to document all the privileges necessary to make their app run. Maybe you don't have a better way of doing that than revoking privileges from PUBLIC. Or maybe you just want to generate additional communication with developers. That's fine. I know sometimes even DBAs get lonely.
Cheers, APC

Flex == Socklet Policy == Security sandbox violation ?!?!?!?!

Please help me with this problem. I'v had this problem for
over a month
I'm trying to connect to my C# server through my Flex client.
Flex client in running on IIS (c:/inetpub/wwwroot)
the policy file in on the root folder of IIS
<?xml
version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" secure="false"
/>
</cross-domain-policy>
1: I tried to use the loadPolicy method before i connect
through sockets
Security.loadPolicyFile("h ttp://localhost/crossdomain.xml");
(space does not exist in real code)
2: flex sends this message to server side while connecting
("<policy-file-request/>") so as soon as i get this message
on server side i read the policy text from crossdomain.xml and i
send ti back to the client.
eventhough i get a security error the client is still able to
connect to the server and send messages but it cannot receive any
message
I get the following security error:
[SecurityErrorEvent
type="securityError" bubbles=false cancelable=false eventPhase=2
text="Error #2048: Security sandbox violation:
file:///C:/Inetpub/wwwroot/ClientFlex/bin-debug/Client.swf cannot
load data from 10.0.0.3:8000."]Error #2048: Security sandbox
violation:
file:///C:/Inetpub/wwwroot/ClientFlex/bin-debug/Client.swf cannot
load data from 10.0.0.3:8000.
y am i still getting this error???????????
some people suggested to read the log files: but i followed
all adobe tutorials to turn os loggin, but couldn't get it to work.
mm.cfg does not exist, log folder for flash player does not exist,
log.txt for flash player does not exists.

Hi,
In the move from Flash Player 9 to 10, Adobe increased the security constraints on sockets. If you are using sockets to connect to an "un-trusted" server, then you will still need a Cross-Domain Policy file, however that policy file must also be served up through sockets (not through HTTP).
You will need to run a socket server on the server you are connecting to in order to serve up the appropriate XML document through port 843 (by default). This socket server can be implemented in any number of ways, but I use a Java socket server that Thomas over at LessRain has posted on their blog. You can find it here: http://www.blog.lessrain.com/as3-java-socket-connections-to-ports-below-1024/
Good luck,
Taylor
4Point Solutions Ltd.
http://blogs.4point.com/taylor.bastien/

Security sandbox violation

Can someone please help me see what's wrong with this picture? Why is this security error happening? Is there something I need to change with my crossdomain.xml file?
LoadURL loadError [SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048: Security sandbox violation: http://www.mysite/mySWF.swf cannot load data from http://mysite.com/scripts/myScript.php."]
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<site-control permitted-cross-domain-policies="master-only" />
<cross-domain-policy>
<allow-access-from domain="mysite.com" />
<allow-access-from domain="www.mysite.com" />
<allow-access-from domain="*.mysite.com" />
</cross-domain-policy>

nevermind, idk why I put the site control node outside of the cross-domain-policy root.

Security Sandbox violation, opening links in Flash player

Hi,
I have a swf content and its content served from a content management server say for eg, http://www9.abc.com into the html file which is served from http://qwww9.abc.com The links embedded in the flash were not working, when these links are clicked I get this error when tried with Flash debugger player.
*** Security Sandbox Violation ***SecurityDomain 'http://qwww9.abc.com/' tried to access incompatible context 'https://www9.abc.com/sample.swf'
I had set a crossdomain policy file in a custom location in the content management server for this issue, but with the Flash player 9,0,115,0 this stopped working due to default policy change to "master-only". I will not be able to have this policy file in the root folder of the content management server or have the policy set in the HTTP response header.
Is there anyother solution for this issue, for having the links work without setting the crossdomain policy file?
Thanks in advance...

How do I set Security.sandboxType related to flash player? When I try to see it in my application through debugger it says "remote". I think I need to set it to one of the following from the adobe manual pages...
Security.sandboxType has one of the following values:
remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.
localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
application (Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.
Any input on how to set it would be greatly appreciated. Thanks!

Security sandbox violation: BitmapData.draw

Hello,
I got this error:
SecurityError: Error #2122: Security sandbox violation: BitmapData.draw: A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.
when I try to draw a frame of a movie that is downloading from another server. Crossdomain.xml is set. Another Jpgs are correctly drawn but only a movie causes an error.
I need to checkPolicyFile but where should I do this? I have no direct access to Loader to set up LoaderContext(true) ...
Thanks,
Michal

I too would love to know how we can pass in our own LoaderContext to set the security domain. I'm receiving the same error after snapshotting a loaded SWFElement bug/watermark.
e.g.
var bug:MediaElement = new SWFElement(new URLResource(url));
var bugTrait:LoadTrait = bug.getTrait(MediaTraitType.LOAD) as LoadTrait;
bugTrait.load();

Content security policy not being respected

The following (seemingly valid) Content Security Policy does not work in Safari:
script-src 'unsafe-eval' 'self' by.uservoice.com widget.uservoice.com www.google.com use.typekit.net js.stripe.com localhost:35739
Errors occur for a number of requests to the permitted services, including e.g.:
Refused to load the script 'https://js.stripe.com/v1/?_=1398952171104' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self' by.uservoice.com widget.uservoice.com www.google.com use.typekit.net js.stripe.com localhost:35739".

Thanks for your reply gdgmac.
Is there no easier way to do this?
I understand I could backup, reset, then restore, but I was hoping there was some easier way.
Out of curiosity, is this as-per-design?
Many thanks for your help again,
Chris

Security Permissions Violation in my application

In my application rarely security permissions are violating
what may be the reasons.

We are Not GOD............. Give more details.. what kind of application, where the security policy is defined, how users are getting in to applications.. bla bla

Security Sandbox Violation when calling a remote service from a worker

From my application, I make calls to a BlazeDS server, that works fine.
I added a worker that calls the same services on the same server. But then, only for the calls from the worker, I have a Security Sandbox Violation error. I launch the application from FB in debug mode.
This is the message :
Error: [strict] Ignoring policy file at http://xxxxxxxxxxxx/crossdomain.xml due to incorrect syntax. See http://www.adobe.com/go/strict_policy_files to fix this problem.
*** Security Sandbox Violation ***
Connection to http://xxxxxxxxxxxxxx/appstore-admin/messagebroker/amfpolling halted - not permitted from file:///D:/Projects/appstoreClientsNext/MultiAppstoreAdmin/bin-debug/MultiAppstoreAdmin.swf
Error: Request for resource at http://xxxxxxxxxxxxx/appstore-admin/messagebroker/amfpolling by requestor from file:///D:/Projects/appstoreClientsNext/MultiAppstoreAdmin/bin-debug/MultiAppstoreAdmin.swf is denied due to lack of policy file permissions.
What should I do to allow the worker to make remote calls ?

I made some progress on this. There are two different cases :
1) The service you want to access has a crossdomain.xml file
All the workers can access the service without a problem.
2) The service you want to access doesn't have a crossdomain.xml file
Whether you launch from FB in debug mode or you put your application on the same server you are trying to access, only the primordial worker will access the service, the other workers will encounter a security error.
I believe this is a bug. Shouldn't a worker have the same access privileges as the primordial worker ?

Security Sandbox violation bitmapData.draw() cant access null

very strange. I am testing with two different HD streams. One an akamai stream and another one of our clients not on akamai and using an F4M manifest file. I have tried allowing the domain and they have a crossdomain.xml file on their side but i still get this error.
SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: http://web.mobilerider.com/flash/osmflive/OSMF_Live.swf?mediaID=190&vendorID=513&extras=vs :1,skin:osmf_live,muteOn:0,autoplay:1,live:1,showArchive:1,&serviceID=2&jsID=1316213568052 cannot access null. No policy files granted access.
any help would be very appreciated, thanks

Hello!
This seems to be relevant:
http://forums.adobe.com/message/3759490#3759490

Error #2048: Security sandbox violation: Urgent Checked the forum none of the solutions worked

Hi all,
    I am new to flex . I am trying to connect to my localhost using the XMLSocket like below
    var xmlsock:XMLSocket = new XMLSocket(); // Line #187
    xmlsock.connect(127.0.0.1, 8080);
    xmlsock.send(xml);
But after a Minute I get this below error
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: app:/main.swf cannot load data from 127.0.0.1:8080.
    at main/handleLogin()[C:\Documents and Settings\Vulcantech\My Documents\Flex Builder 3\src\main.mxml:187]
    at flash.events::EventDispatcher/dispatchEventFunction()
    at flash.events::EventDispatcher/dispatchEvent()
    at mx.rpc.http.mxml::HTTPService/http://www.adobe.com/2006/flex/mx/internal::dispatchRpcEvent()[C:\autobuild\3.2.0\framewor ks\projects\rpc\src\mx\rpc\http\mxml\HTTPService.as:290]
    at mx.rpc::AbstractInvoker/http://www.adobe.com/2006/flex/mx/internal::resultHandler()[C:\autobuild\3.2.0\frameworks\ projects\rpc\src\mx\rpc\AbstractInvoker.as:193]
    at mx.rpc::Responder/result()[C:\autobuild\3.2.0\frameworks\projects\rpc\src\mx\rpc\Responde r.as:43]
    at mx.rpc::AsyncRequest/acknowledge()[C:\autobuild\3.2.0\frameworks\projects\rpc\src\mx\rpc\ AsyncRequest.as:74]
    at DirectHTTPMessageResponder/completeHandler()[C:\autobuild\3.2.0\frameworks\projects\rpc\s rc\mx\messaging\channels\DirectHTTPChannel.as:403]
    at flash.events::EventDispatcher/dispatchEventFunction()
    at flash.events::EventDispatcher/dispatchEvent()
    at flash.net::URLLoader/onComplete()
Thanks in advance
Balaji

Hi Alex,
   Thanks for the Link . I saw the link and have done the same steps as said in that . I have created a crossdomain.xml file in my 127.0.0.1 and i can also see that the policy being accepted in the "C:\Documents and Settings\username\Application Data\Macromedia\Flash Player\Logs" . I have pasted the lines in policyfiles.txt below.
    OK: Root-level SWF loaded: app:/main.swf
    OK: Policy file accepted: http://127.0.0.1/crossdomain.xml
   But I still get that sandbox violation error. I have tried the below solutions and none of them worked
       1) security.allowDomain("*");
       2) crossdomain xml in the webroot of the accessing server like below
                    <?xml version="1.0"?>
                     <!DOCTYPE cross-domain-policy SYSTEM “http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd”>
                     <cross-domain-policy>
                        <site-control permitted-cross-domain-
policies="all" />
                         <allow-access-from domain="*" to-ports="*" />
                   </cross-domain-policy>
       3) I saw that adding the Application path in the "C:\Documents and Settings\username\Application Data\Flash Player\#Security\FlashPlayerTrust\flexbuilder.cfg" will remove the sandbox violation but this also didnt work
       4) "Project - Properties - Flex Compiler - Additional compiler arguments:" add   -use-network=true and then recompile and post to server
       5) I have also checked the policy file logs
Thanks in advance
Balaji

Policy Violation Details: Background Dump Destination

Oem grid control 10.2.0.1.
I have this policy violation:
Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.
Here is my folder permissions:
[oracle@dbdev juk_dev]$ pwd
/opt/oracle/app/oracle/admin/juk_dev
[oracle@dbdev juk_dev]$ ll
total 32
drwxr-xr-x 2 oracle oinstall 4096 Apr 30 17:26 bdump
drwxr-xr-x 26 oracle oinstall 4096 Apr 23 14:29 cdump
drwxr-xr-x 2 oracle oinstall 4096 Feb 19 16:01 create
drwxr-xr-x 2 oracle oinstall 4096 Apr 18 15:43 dpdump
drwxr-xr-x 2 oracle oinstall 4096 Feb 19 16:01 pfile
drwxr-xr-x 2 oracle oinstall 12288 May 2 17:23 udump
All i did was install oracle using the documentation.
chmod -R 775 /mount_point/app/oracle_sw_owner
Is this the right command to restrict the rights for my traces files so oem stop it's alert?
chmod -R o-rx /opt/oracle/app/oracle/admin/

Yes thats what OEM wants. It unfortunate that out of the box install of Oracle creates a lot of these policy alerts.

Socket and Security Policy

I've tried to set experiment with Socket communication in Flex, but I keep hitting problems. Approach 1: in a Flex web app, I load a crossdomain security policy from a server. I then open a socket and write a few bytes to the server. In my server, I do not get the expected output on the stream--in fact, I get nothing at all--until I close the Flex application, at which point I get a seemingly inifinite stream of the bytes '0xEFBFBF'. Here's a hexdump view of a fragment of the data Flash Player sends to the server after I close the Flex app:
00000130 ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef |................|
00000140 bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf |................|
00000150 bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf |................|
Approach 2: I then tried it in air, but although the connection seems to initiate properly and I can go through the above trivial client-server interaction, after a few seconds, I get a SecurityErrorEvent. From what I've been able to follow of the docs, Air applications are trusted in this respect, and should not need to load security policy, right? I tried to add a call to Security.loadPolicy(), but it seems to be ignored. This is the message flow:
Received [class Event] connect
Received [class ProgressEvent] socketData
Received [class Event] close
Received [class SecurityErrorEvent] securityError
Security error: Error #2048: Security sandbox violation: app:/main.swf cannot load data from localhost:5432.
The Air version of my client code is below:
<?xml version="1.0" encoding="utf-8"?>
<mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute">
<mx:Script>
    <![CDATA[
        var str:Socket;
        private function handleClick(e:Event):void {
            Security.loadPolicyFile("xmlsocket://localhost:2525");
            str = new Socket('localhost', 5555);
            var message:String = 'hello';
            for (var i:int = 0; i < message.length; i++) {
                str.writeByte(message.charCodeAt(i));
            str.writeByte(0);
            str.flush();
            str.addEventListener(Event.ACTIVATE, handleEvent);
            str.addEventListener(Event.CLOSE, handleEvent);
            str.addEventListener(Event.CONNECT, handleEvent);
            str.addEventListener(Event.DEACTIVATE, handleEvent);
            str.addEventListener(IOErrorEvent.IO_ERROR, handleEvent);
            str.addEventListener(ProgressEvent.SOCKET_DATA, handleEvent);
            str.addEventListener(SecurityErrorEvent.SECURITY_ERROR, handleEvent);
        private function handleEvent(e:Event):void {
             trace("Received", Object(e).constructor, e.type);
             if (e is ProgressEvent) {
                 var strBytes:Array = [];
                 while(str.bytesAvailable > 0) {
                     var byte:int = str.readByte();
                     strBytes.push(byte);
                 trace(String.fromCharCode.apply(null, strBytes));
             } else if (e is SecurityErrorEvent) {
                 trace("Security error:", SecurityErrorEvent(e).text);
    ]]>
</mx:Script>
<mx:Button label="test" click="handleClick(event)"/>
</mx:WindowedApplication>
The server is in Java and is as follows:
import java.net.*;
import java.io.*;
public class DeadSimpleServer implements Runnable {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            throw new Exception("Usage: DeadSimpleServer policy-port service-port");
        int policyPort = Integer.parseInt(args[0]);
        int servicePort = Integer.parseInt(args[1]);
        new Thread(new DeadSimpleServer(policyPort,
                                        "<?xml version=\"1.0\"?>\n" +
                                        "<cross-domain-policy>\n" +
                                        "<allow-access-from domain=\"*\" to-ports=\"" + servicePort + "\"/>\n" +
                                        "</cross-domain-policy>\n"
                   ).start();
        new Thread(new DeadSimpleServer(servicePort, "world")).start();
        while (true) Thread.sleep(1000);
    private int port;
    private String response;
    public DeadSimpleServer(int port, String response) {
        this.port = port;
        this.response = response;
    public String getName() {
        return DeadSimpleServer.class.getName() + ":" + port;
    public void run() {
        try {
            ServerSocket ss = new ServerSocket(port);
            while (true) {
                Socket s = ss.accept();
                System.out.println(getName() + " accepting connection to " + s.toString());
                OutputStream outStr = s.getOutputStream();
                InputStream inStr = s.getInputStream();
                int character;
                System.out.print(getName() + " received request: ");
                while ((character = inStr.read()) != 0) {
                    System.out.print((char) character);
                System.out.println();
                Writer out = new OutputStreamWriter(outStr);
                out.write(response);
                System.out.println(getName() + " sent response: ");
                System.out.println(response);
                System.out.println(getName() + " closing connection");
                out.flush();
                out.close();
                s.close();
        } catch (Exception e) {
            System.out.println(e);
Am I missing something? From what I understand, either of these approaches should work, but I'm stuck with both. I have Flash Player 10,0,15,3 and am working with Flex / Air 3.0.0 under Linux.

So... apparently, with the Air approach, this is what I was missing: http://www.ultrashock.com/forums/770036-post10.html
It'd be nice if FlashPlayer gave us a nicer error here.
I'm still trying to figure out what the heck is going on in the web app (i.e., non-Air Flex) example. If anyone has any suggestions, that would be very helpful.

BitmapData.draw() SecurityError: Security sandbox violation

i am loading and playing a local video file with appendBytes() and when i call a bitmapData.draw() function
below exception comes up.
SecurityError: Error #2123: Security sandbox violation: BitmapData.draw
cannot access null. No policy files granted access.
what should i do???....

Sir i already mention in my last message i test it with both relative and absolute.
Yes i khow relative paths works fine when i do some thing like this
<mx:VideoDisplay x="0" y="0" width="516" height="379" source="../user_data/uploads/cd73502828457d15655bbd7a63fb0bc8/v/1345023450-Action_.flv"/>
bitmap.draw works fine in above case but my scenario is different i am loading a complete video as bytearray before playing and play video from that bytes
private function fileLoaderComplete(event:Event):void
     //Pass the loaded bytes to player
       player.AddVideo(urlLoader.data);
//This is Add video Function in Player.mxml
public function AddVideo(VideobyteArray:ByteArray):void
                if(ns == null)
                    var nc:NetConnection = new NetConnection();
                    nc.connect(null);
                    ns = new NetStream(nc);
                   // ns.checkPolicyFile = true;
                    ns.soundTransform = new SoundTransform(0.0);
                    ns.client = this;
                    ns.addEventListener(NetStatusEvent.NET_STATUS, nsStatus);
                videoData = VideobyteArray;
                GetTags(videoData);
                ns.play(null);
                ns.appendBytesAction(NetStreamAppendBytesAction.RESET_BEGIN);
                ns.appendBytes(VideobyteArray);
                video.attachNetStream(ns);
                playBar.TogglePlay(true);
i think its a bug in flash sdk 4.6 (Flash Player 11)
bitmap.draw function somehow conflicts with the appendBytesAction or appendBytes
this question is posted on ActionScript 3.0 forum before
http://forums.adobe.com/message/4650890#4650890
http://flash.bigresource.com/flash-use-BitmapData-draw-with-NetStream-appendBytes--iTNz6LV JM.html
http://stackoverflow.com/questions/5607047/how-can-i-use-bitmapdata-draw-with-netstream-ap pendbytes

SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: cannot access

When we try to print the Google Map API for Flash component, it is throwing the Security Sandbox Violation
SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: http://ps6143:8080/aa/XYZ/Main.swf/[[DYNAMIC]]/1 cannot access http://mt1.google.com/vt/lyrs=m@171000000&hl=en&src=api&x=1&y=1&z=1&s=Gali&flc=x3t. No policy files granted access.
at flash.display::BitmapData/draw()
To avoid this error we tried to use the alternate API provided by library. But that also causing cross domain issue as it loading some 3d library internally which is not able to access our application.
SecurityError: Error #2121: Security sandbox violation: BitmapData.draw: http://maps.googleapis.com/mapfiles/lib/map_1_20_10_3d.swf cannot access http://ps6143.persistent.co.in:8080/dv/SiteOptimizer/SiteOptimizer.swf/%5b%5bDYNAMIC%5d%5d /1http://ps6143:8080/aa/XYZ/Main.swf/[[DYNAMIC]]/1. This may be worked around by calling Security.allowDomain.
at flash.display::BitmapData/draw()
Please help us in resolving this issue.
Thanks & Regrds,
Ravi Darji

There is no redirect... Charles is a web proxy so it will look completely legitimate to the browser.
According to the help, it's getting the access request from the SWF itself and not the crossdomain.xml file:
In the case of a source object other than a loaded bitmap, the source object and (in the case of a Sprite or MovieClip object) all of its child objects must come from the same domain as the object calling the draw() method, or they must be in a SWF file that is accessible to the caller by having called the Security.allowDomain()method.
http://help.adobe.com/en_US/ActionScript/3.0_ProgrammingAS3/WS5b3ccc516d4fbf351e63e3d118a9 b90204-7d1b.html#WS5b3ccc516d4fbf351e63e3d118a9b90204-7c4a
So the default state accessing a SWF on a different domain is protected, unless that SWF allows some or all domains to access it via the Security.allowDomain() method.

OEM Security Policy Violation

Similar Messages

Maybe you are looking for