Socket connections blocked... (sandbox violation)

I'm having trouble with Flash Player 10, regarding opening of sockets. I have a socket server responding on port 843, my custom port and a web server hosting a crossdomain.xml file.
The problem is that when I try to run with the debugger, it won't even attempt to make a connection.
The policy log shows this:
OK: Root-level SWF loaded: file:///xxxxx/Main.swf
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at xmlsocket://xxxxx.com:53280 by requestor from file:///xxxxx/Main.swf
Error: Failed to load policy file from xmlsocket://xxxxx.com:53280
Error: Request for resource at xmlsocket://xxxxx.com:53280 by requestor from file:///xxxxx/Main.swf has failed because the server cannot be reached.
The error is this:
Security error: [SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048: Security sandbox violation: file:///opt/Develop/glig/Flash/Widgets/chat/Main.swf cannot load data from xxxxx.com:53280."]
The sandbox mode is: localWithNetwork
The flash player version is: 10,0,22,87
I also used the line Security.loadPolicyFile("xmlsocket://xxxxx.com:53280"), but without success.
The remote server is reachable and responding to <policy-file-request/>, but does not register any connection attempts.
This all worked perfectly fine with version 9, where it would do a http request for crossdomain.xml. According to all the documentation I've read, my approach should work, but the player isn't even attempting to connect.
Does anyone have an idea?

You may have already solved this, but here's a response anyways.
Is your socket server serving up the policy file, or your web server (i.e. through HTTP)? If you are connecting through sockets, then the policy file must be served up through the socket server, it doesn't care about an HTTP policy.
Good luck!
Taylor
4Point Solutions Ltd.
http://blogs.4point.com/taylor.bastien/

Similar Messages

Sandbox violation when accessing sockets

Here is my code:
flex:
Security.loadPolicyFile("http://localhost/ufd/crossdomain.xml");
crossdomain.xml
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="http://localhost"/>
<allow-http-request-headers-from domain="192.168.1.12/ufd" headers="Authorization"/>
</cross-domain-policy>
I am getting an error connecting to a socket that runs on 92.168.1.12
Please help.

Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://ufddb-02/ufd/Golf.swf cannot load data from ufddb-02:8001.
atGolf()
at_Golf_mx_managers_SystemManager/create()
atmx.managers.systemClasses::ChildManager/initializeTopLevelWindow()
atmx.managers::SystemManager/initializeTopLevelWindow()
atmx.managers::SystemManager/http://www.adobe.com/2006/flex/mx/internal::kickOff()
atmx.managers::SystemManager/http://www.adobe.com/2006/flex/mx/internal::preloader_completeHandler()
atflash.events::EventDispatcher/dispatchEventFunction()
atflash.events::EventDispatcher/dispatchEvent()
atmx.preloaders::Preloader/timerHandler()
atflash.utils::Timer/_timerDispatch()
atflash.utils::Timer/tick()

Establishing a socket connection between a .swf file and a socket-test program (TCP/IP builder - Windows), in AS3.

I have an issue with a college project I'm working on.
Using Actionscript 3, I made a simple .swf program, an animated, interactive smiley, that 'reacts' to number inputs in a input-box.
For the sake of the project, I now need to make the framework for establishing a socket connection with the smiley .swf, and another program.
This is where I encounter issues. I have very little knowledge of AS3 programming, so I'm not certain how to establish the connection - what's required code-wise for it, that is.
To test the connection, I'm attempting to use the "TCP/IP builder" program from windows, which lets me set up a server socket. I need to program the .swf file into a client - to recognize it, connect to it, then be able to receive data (so that the data can then be used to have the smiley 'react' to it - like how it does now with the input-box, only 'automatically' as it gets the data rather than by manual input).
My attempts at coding it are as follows, using a tutorial (linked HERE):
//SOCKET STUFF GOES HERE
    var socket:XMLSocket;
    stage.addEventListener(MouseEvent.CLICK, doConnect);
// This one connects to local, port 9001, and applies event listeners
    function doConnect(evt:MouseEvent):void
    stage.removeEventListener(MouseEvent.CLICK, doConnect);
    socket = new XMLSocket("127.0.0.1", 9001);
    socket.addEventListener(Event.CONNECT, onConnect);
    socket.addEventListener(IOErrorEvent.IO_ERROR, onError);
// This traces the connection (lets us see it happened, or failed)
    function onConnect(evt:Event):void
        trace("Connected");
        socket.removeEventListener(Event.CONNECT, onConnect);
        socket.removeEventListener(IOErrorEvent.IO_ERROR, onError);
        socket.addEventListener(DataEvent.DATA, onDataReceived);
        socket.addEventListener(Event.CLOSE, onSocketClose);
        stage.addEventListener(KeyboardEvent.KEY_UP, keyUp);
    function onError(evt:IOErrorEvent):void
        trace("Connect failed");
        socket.removeEventListener(Event.CONNECT, onConnect);
        socket.removeEventListener(IOErrorEvent.IO_ERROR, onError);
        stage.addEventListener(MouseEvent.CLICK, doConnect);
// Here, the flash tracks what keyboard button is pressed.
// If 'q' is pressed, the connection ends.
        function keyUp(evt:KeyboardEvent):void
        if (evt.keyCode == 81) // the key code for q is 81
            socket.send("exit");
        else
            socket.send(evt.keyCode);
// This one should handle the data we get from the server.
        function onDataReceived(evt:DataEvent):void
        try {
            trace("From Server:", evt.data );
        catch (e:Error) {
            trace('error');
    function onSocketClose(evt:Event):void
        trace("Connection Closed");
        stage.removeEventListener(KeyboardEvent.KEY_UP, keyUp);
        socket.removeEventListener(Event.CLOSE, onSocketClose);
        socket.removeEventListener(DataEvent.DATA, onDataReceived);
Trying to connect to the socket gives me either no result (other than a 'connection failed' message when I click the .swf), or the following error:
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: file:///C|/Users/Marko/Desktop/Završni/Flash%20documents/Smiley%5FTCP%5FIP%5Fv4.swf cannot load data from 127.0.0.1:9001.
    at Smiley_TCP_IP_v4_fla::MainTimeline/doConnect()[Smiley_TCP_IP_v4_fla.MainTimeline::frame1:12]

Tried adding that particular integer code, ended up with either errors ("use of unspecified variable" and "implicit coercion") , or no effect whatsoever (despite tracing it).
Noticed as well that the earlier socket code had the following for byte reading:
"sock.bytesAvailable > 0" (reads any positive number)
...rather than your new:
"sock.bytesAvailable != 0" (reads any negative/positive number)
Any difference as far as stability/avoiding bugs goes?
So then, I tried something different: Have the program turn the "msg" string variable, into a "sentnumber" number variable. This seemed to work nicely, tracing a NaN for text (expected), or tracing the number of an actual number.
I also did a few alterations to the input box - it now no longer needs the 'enter' key to do the calculation, it updates the animation after any key release.
With all this considered and the requirements of the project, I now have a few goals I want to achieve for the client, in the following order of priority:
1) Have the "sentnumber" number variable be recognized by the inputbox layer, so that it puts it into the input box. So in effect, it goes: Connect -> Send data that is number (NaN's ignored) -> number put into input box -> key press on client makes animation react. I optionally might need a way to limit the number of digits that the animation reacts to (right now it uses 1-3 digit numbers, so if I get sent a huge number, it might cause issues).
- If the NaN can't be ignored (breaks the math/calculus code or some other crash), I need some way of 'restricting' the data it reads to not include NaN's that might be sent.
- Or for simplicity, should I just detect the traced "NaN" output, reacting by setting the number variable to be "0" in such cases?
2) After achieving 1), I'll need to have the process be automatic - not requiring a keyboard presses from the client, but happening instantly once the data is sent during a working connection.
- Can this be done by copying the huge amounts of math/calculus code from the inputbox layer, into the socket layer, right under where I create the "sentnumber" variable, and modifying it delicately?
3) The connection still has some usability and user issues - since the connection happens only once, on frame 1, it only connects if I already have a listening server when I run the client, and client can't re-connect if the server socket doesn't restart itself.
I believe to do this, I need to make the connection happen on demand, rather than once at the start.
For the project's requirement, I also need to allow client users to define the IP / port it's going to connect to (since the only alternative so far is editing the client in flash pro).
In other words, I need to make a "Connect" button and two textboxes (for IP and port, respectively), which do the following:
- On pressing "Connect", the button sets whatever is in the text boxes as the address of the IP and port the socket will connect to, then connects to that address without issues (or with a error message if it can't due to wrong IP/port).
- The connection needs to work for non-local addresses. Not sure if it can yet.
- On re-pressing connect, the previous socket is closed, then creates a new socket (with new IP/port, if that was altered)
It seems like making the button should be as simple as putting the existing socket code under the function of a button, but it also seems like it's going to cause issues similar to the 'looping frames' error.
4) Optional addition: Have a scrolling textbox like the AIR server has, to track what the connection is doing on-the-fly.
The end result would be a client that allows user to input IP/Port, connects on button press (optionally tracking/display what the socket is doing via scrollbox), automatically alters the smiley based on what numbers are sent whilst the connection lasts, and on subsequent button presses, makes a new connection after closing off the previous one.
Dropbox link to new client version:
https://www.dropbox.com/s/ybaa8zi4i6d7u6a/Smiley_TCP_IP_v7.fla?dl=0
So, starting from 1), can I, and how can I, get the number variable recognized by "inputbox" layer's code? It keeps giving me 'unrecognized variable' errors.

Error #2048 (Sandbox Violation) in AIR prevents future hostname resolution

Scenario:
Create an application which tries opening 100 socket connections. This in turn triggers an Error #2031(Socket Error) on a few of them, I believe this is a limitation in Flash? or something similar? After a few seconds, those same socket connections will trigger an Error #2048 (Security Sandbox Violation).
If the hostname which you used to connect to the sockets is a name (ex: "localhost") it will prevent any new connections from opening at all and will trigger an Error #2048 on all those future connections even though they are completely unrelated to the first.
If the hostname which you use is an IP Address ("127.0.0.1") those individual connections will have failed but no future interaction will be affected.
Problem:
1) Why is an AIR application triggering a security sandbox error at all?
2) Why is this error locking up hostname resolution?
3) Is this in fact a hostname resolution problem since there are no issues when using an IP address?
3a) In my testing it appears that once the Error #2048 "locks" resolution, it can be "unlocked" by using an IP Address on any socket (any successful socket connection really) which will restore the name resolution capability. Or so it seems.
Any help would be greatly appreciated. Until I nailed down the specific cases where this was happening the errors appeared very byzantine.
It is not only the Error #2031 from too many connections that triggers the Error #2048. The main problem is that Error #2048 is triggered by unspecified socket errors (unexpected close for example) and hence locks up future connections.
The reason this is such a problem is that I'm creating an application specifically for the purpose of monitoring a custom server so errors do happen, and if future requests cannot complete a connection due to name lookup failure it can cause a huge problem for monitoring validity.

Any help with this would be greatly appreciated.

Flex == Socklet Policy == Security sandbox violation ?!?!?!?!

Please help me with this problem. I'v had this problem for
over a month
I'm trying to connect to my C# server through my Flex client.
Flex client in running on IIS (c:/inetpub/wwwroot)
the policy file in on the root folder of IIS
<?xml
version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" secure="false"
/>
</cross-domain-policy>
1: I tried to use the loadPolicy method before i connect
through sockets
Security.loadPolicyFile("h ttp://localhost/crossdomain.xml");
(space does not exist in real code)
2: flex sends this message to server side while connecting
("<policy-file-request/>") so as soon as i get this message
on server side i read the policy text from crossdomain.xml and i
send ti back to the client.
eventhough i get a security error the client is still able to
connect to the server and send messages but it cannot receive any
message
I get the following security error:
[SecurityErrorEvent
type="securityError" bubbles=false cancelable=false eventPhase=2
text="Error #2048: Security sandbox violation:
file:///C:/Inetpub/wwwroot/ClientFlex/bin-debug/Client.swf cannot
load data from 10.0.0.3:8000."]Error #2048: Security sandbox
violation:
file:///C:/Inetpub/wwwroot/ClientFlex/bin-debug/Client.swf cannot
load data from 10.0.0.3:8000.
y am i still getting this error???????????
some people suggested to read the log files: but i followed
all adobe tutorials to turn os loggin, but couldn't get it to work.
mm.cfg does not exist, log folder for flash player does not exist,
log.txt for flash player does not exists.

Hi,
In the move from Flash Player 9 to 10, Adobe increased the security constraints on sockets. If you are using sockets to connect to an "un-trusted" server, then you will still need a Cross-Domain Policy file, however that policy file must also be served up through sockets (not through HTTP).
You will need to run a socket server on the server you are connecting to in order to serve up the appropriate XML document through port 843 (by default). This socket server can be implemented in any number of ways, but I use a Java socket server that Thomas over at LessRain has posted on their blog. You can find it here: http://www.blog.lessrain.com/as3-java-socket-connections-to-ports-below-1024/
Good luck,
Taylor
4Point Solutions Ltd.
http://blogs.4point.com/taylor.bastien/

Air app, Rest service, Security sandbox violation

Hi All,
I wrote an app a couple of years ago using flex 3 that connects to a number of remote web services and does various things.
This worked fine.
Now I have been asked by the customer to update the app as it stopped working at some point.
I am trying to use the resthttpservice library to do a PUT operation, but I am getting the following error when I try and create a socket to the remote server:
Error #2048: Security sandbox violation: app:/main.swf cannot load data from http://my.host:8182
Now, it's been a while since I've done anything with flex so I am rusty. But this error is usually fixed by having a crossdomains.xml file on the remote server. But it was my understanding that this was only required when one's app was running from within the browser and that desktop applications are not effected.
Can anyone clarify this for me? It seems that there were changes made to the flash player in version 10 that might have changed this.
I am very puzzled at this point!
thanks for any help!

These articles discuss security changes between FP 9 and 10:
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
http://www.adobe.com/devnet/flashplayer/articles/fplayer9-10_security.html
What is impacted?
This change can potentially affect any SWF file accessing cross-domain content. This change affects SWF files of all versions played in Flash Player 10 and later. This change affects all non-app content in Adobe AIR (however, AIR app content itself is unaffected).
What do I need to do?
Read the article: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html

How to resolve security sandbox violation (Error#2148) in Flex 3 on XP?

Hi,
When I tried to access an image on c:\ (on XP), I get the following error:
*** Security Sandbox Violation ***
Connection to file:///C:\DBFiles\3.jpg halted - not permitted from http://localhost/test-debug/test.swf
-- Remote SWFs may not access local files.SecurityError: Error #2148: SWF file http://localhost/ullmanphp-debug/ullmanphp.swf cannot access local resource file:///C:\DBFiles\INDSprintOrgChart.pptx\3.jpg. Only local-with-filesystem and trusted local SWF files may access local resources.
at flash.display::Loader/_load()
at flash.display::Loader/load()
It looks like some sort of mismatch on security settings. I have done the following so far (based on what I got by googling....)
1. Flex comipler setting additional compiler arguments: -use-network=false
2. I have added a crossdomain.xml on the source directory with these lines...
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="SOAPAction"/>
However, error is still appearing. How do I fix this for testing on my local machine. I cannot move to a webserver at this time.
Thanks!.

How do I set Security.sandboxType related to flash player? When I try to see it in my application through debugger it says "remote". I think I need to set it to one of the following from the adobe manual pages...
Security.sandboxType has one of the following values:
remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.
localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
application (Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.
Any input on how to set it would be greatly appreciated. Thanks!

How can i reuse my existing socket connection

Hi,
this might sound basic, it probably is:
As part of my larger project, i have to send and recieve data to multiple socket connections.
The thing that happens is that everytime i send data, it seems that java is creating a new stream or something (code is multithreaded)
so as i send 4 items of data, a bit like a chat program sending 4 statements, it creates 4 different streams, instead of using the same stream. therefore when i close the connection, i get:
java.net.SocketException: Connection reset 4 times.
i know why.. its because i have added the:
Socket socket=new Socket(host, port);
BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
PrintWriter out = new PrintWriter(new OutputStreamWriter(socket.getOutputStream()));
bit in the same method with the
out.println(THE DATA....);
out.flush();
The thing what i want to do is to create the connection one, and reuse the objects:
out, in and socket
to send / recieve the new data.
please help me guys,
thanks

All the threads would be able to get the same reference to....
class SocketWrapper {
     private final Object readLock = new Object();
     private final Object writeLock = new Object();
     // client side
    public SocketWrapper(String hostname, int port);
     // server side.
    public SocketWrapper(Socket);
     // send data
     public void send(Serializable object) throws IOException;
     // receive data. synchronized(writeLock);
     public Serializable getNext() throws IOException;
     // create a new socket as required, throw IllegalState if server side. synchronized(readLock)
     private void createNewSocket() throws IllegalStateException;
}The send autoconnects as required. It then send on message/packet/object.
The getNext autoconnects as required. It reads one message/packet/object and returns.
This allows multiple threads to access the same socket. It allows data to be sent while a thread is blocking on a read. (Thus two locks)

Socket connection

Hi,
I want to connect swf file running in www.xxx.com via socket
to www.xxx.com:25
My crossdomain.xml looks like:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "
http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.xxx.com/*" to-ports="25"
/>
</cross-domain-policy>
But when i do remote debug i see this error:
Se ha detenido la conexión con www.vescovoweb.com:25 -
no se permite desde
http://www.xxx.com/ct.swf
securityErrorHandler: [SecurityErrorEvent
type="securityError" bubbles=false cancelable=false eventPhase=2
text="Error #2048: Violación de la seguridad Sandbox:
http://www.xxx.com/ct.swf no
puede cargar datos desde www.xxx.com:25."]
Anyone can help me?

It's the socket constructor:
public function SendMail(host:String = null, port:uint = 0)
try
Security.loadPolicyFile("
http://" + host + "/crossdomain.xml");
} catch (error:Error){
trace('NO crossdomain.xml\n'+error.message+'\n');
socket = new Socket();
configureListeners(socket);
try {
trace("Trying to connect to " + host + ":" + port + "\n");
socket.connect(host, port);
} catch (error:Error) {
trace(error.message + "\n");
socket.close();
In the third row i load the policy file but i suppose the
loading is fine because flash don't tell me any error when it's
load.
Any suggestion?

Error #2048: Security sandbox violation

I've been developing Flex apps for a couple of years now and feel comfortable with my development environment.
I'm testing out Gumbo in my same environment (new workspace): WAMP based
My test app works fine on my localhost set up... but when I upload the files to my hosted domain server... I get Error #2048: Security sandbox violation.
Specifically:
- I'm invoking an HTTPService by setting the url to a relative path (folder/file in same dir as the swf)
- I set method to POST and useProxy to false
(<fx:Declarations>
        <s:HTTPService id="contentService" url="data/verd_content.xml" method="POST" useProxy="false" resultFormat="e4x" />
    </fx:Declarations>)
- I wrapped the send call in a try / catch block and show an Alert with the error message in the catch... here's what it says
body = (null)
clientId = "DirectHTTPChannel0"
correlationId = "F4B9A542-8B00-5CDB-3C36-1316919FC255"
destination = ""
extendedData = (null)
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
headers = (Object)#1
    DSStatusCode = 0
messageId = "E629F555-EF8B-E535-7CE4-13169662A82A"
rootCause = (flash.events::SecurityErrorEvent)#2
    bubbles = false
    cancelable = false
    currentTarget = (flash.net::URLLoader)#3
      bytesLoaded = 0
      bytesTotal = 0
      data = (null)
      dataFormat = "text"
    eventPhase = 2
    target = (flash.net::URLLoader)#3
    text = "Error #2048: Security sandbox violation: http://****.com/Main.swf cannot load data from http://localhost:***/data/verd_content.xml?hostport=***t.com&https=N&id=F4B9A542-8B00-5CDB -3C36-1316919FC255."
    type = "securityError"
timestamp = 0
timeToLive = 0
*NOTE: I obfuscated parts of the url for security reasons
I read the other similar posts here about problems like this when using the PHP / Zend set up... but I checked the .actionScriptProperties file and it does not have any URLs in there (like localhost:port#)
I'm not using a service-config.xml file in this project... but I have set up WebORB for PHP servers and use that all the time... so I know how that works...
Is this a bug or am I missing something new in the Gumbo ?
Again: my swf file is in a folder in the webroot on my ISP
also inside that folder is another folder with an XML file in it
I'm setting an HTTPService call using the url parameter on a POST with a relative file path (folder/filename.xml)
changing the url to an absolute makes no difference...
thanks in advance for any help

Sure...
here's the code that contains both the HTTPService setup and the URLLoader setup... like i said in the original post.. the HTTPService call throws the error described, whereas the URLLoader call does not:
private var loader : URLLoader = new URLLoader();
private var req : URLRequest = new URLRequest("data/***dant_content.xml");//path obfuscated
protected function Application_creationComplete():void
    // This works...
    loader.addEventListener( Event.COMPLETE, parseContent );
    loader.addEventListener( IOErrorEvent.IO_ERROR, contentFault );
    // This does not...
    /* contentService.addEventListener( ResultEvent.RESULT, parseContent );
        contentService.addEventListener(FaultEvent.FAULT, contentFault ); */
    try
        loader.load( req );
    catch (err:Error)
        Alert.show("In Try Catch Error Block: " + err.message);
        currentState='home';
the HTTPService was set up like this: (again, i obfuscate the URLs for security)
    <fx:Declarations>
        <s:HTTPService id="contentService" url="data/***dant_content.xml" method="POST" useProxy="false" resultFormat="e4x" />
    </fx:Declarations>
the parseContent function setup in the event listener justs reads the XML file and uses that data to build an image gallery.
hope this helps (for what its worth: I'm not doing anything serious with Gumbo as of yet due to these kinds of bugs)

Flex 4 + AIR 2 + mx:Image = Security Sandbox Violation!

Hi there!
I've been using Flex 4 and AIR 2 for some time now and there's a bug (or is it really one) that I always get and can't understand...
Whenever I use a <mx:Image> to load an image (JPG) on a remote server that has a valid crossdomain.xml I get some annoying warnings. Of course, these only are warnings and everything runs fine (except that) but it's a pain to debug an app that has lots of logs like that:
*** Security Sandbox Violation ***
SecurityDomain 'http://static-p3.fotolia.com/jpg/00/07/56/92/110_F_7569245_9hdeWKxUxFRNYuowdSDBNv0YFN9xTJ9 S.jpg' tried to access incompatible context 'app:/Main.swf'
I've googled it and found lots of others folks/threads about this, but none of them provide a valid solution... Seems like it's specific to AIR because some answers/solutions I found work in a basic SWF, but fail in an AIR app.
Is that a bug in Flex?
Am I wrong about the crossdomain.xml?
How could a JPG raise a Security Sandbox Violation?
Tips or tricks, anyone?

AIR has different security rules because it doesn't really have a "domain"
to compare against crossdomain.xml. The warnings are annoying and
misleading and usually indicate that some code is trying to access the
bitmap inside a try/catch block. Usually you can ignore any warning that
doesn't stop execution.

[Solved]TCP connection blocked in SYN_SENT status

I set up openssh daemon on my host and try to ssh to localhost to ensure it working. However the connection blocked for minutes then get
ssh: connect to host localhost port 22: Connection timed out
I checked "netstat -antup" output, the daemon was started and the new connection was in SYN_SENT status before time out
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 1 127.0.0.1:38127 127.0.0.1:22 SYN_SENT -
I did not add any iptables rules on my host, here is the log of sysctl net.ipv4
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.ip_forward = 0
net.ipv4.ip_default_ttl = 64
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_max_orphans = 16384
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.ipfrag_high_thresh = 262144
net.ipv4.ipfrag_low_thresh = 196608
net.ipv4.ip_dynaddr = 0
net.ipv4.ipfrag_time = 30
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.ip_local_port_range = 32768 61000
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
error: permission denied on key 'net.ipv4.route.flush'
net.ipv4.route.min_delay = 2
net.ipv4.route.max_delay = 10
net.ipv4.route.gc_thresh = 4096
net.ipv4.route.max_size = 65536
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_timeout = 300
net.ipv4.route.gc_interval = 60
net.ipv4.route.redirect_load = 5
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_silence = 5120
net.ipv4.route.error_cost = 250
net.ipv4.route.error_burst = 1250
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.mtu_expires = 600
net.ipv4.route.min_pmtu = 552
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.secret_interval = 600
net.ipv4.igmp_max_memberships = 20
net.ipv4.igmp_max_msf = 10
net.ipv4.inet_peer_threshold = 65664
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_maxttl = 600
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.inet_peer_gc_maxtime = 120
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_fack = 1
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_mem = 47808 63744 95616
net.ipv4.tcp_wmem = 4096 16384 2039808
net.ipv4.tcp_rmem = 4096 87380 2039808
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_adv_win_scale = 2
net.ipv4.icmp_ratelimit = 250
net.ipv4.icmp_ratemask = 6168
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_frto = 0
net.ipv4.tcp_low_latency = 0
net.ipv4.ipfrag_secret_interval = 600
net.ipv4.ipfrag_max_dist = 64
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_abc = 0
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_workaround_signed_windows = 0
net.ipv4.tcp_dma_copybreak = 4096
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.cipso_cache_enable = 1
net.ipv4.cipso_cache_bucket_size = 10
net.ipv4.cipso_rbm_optfmt = 0
net.ipv4.cipso_rbm_strictvalid = 1
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_allowed_congestion_control = cubic reno
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.retrans_time = 100
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.unres_qlen = 3
net.ipv4.neigh.default.proxy_qlen = 64
net.ipv4.neigh.default.anycast_delay = 100
net.ipv4.neigh.default.proxy_delay = 80
net.ipv4.neigh.default.locktime = 100
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.retrans_time = 100
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.unres_qlen = 3
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.anycast_delay = 100
net.ipv4.neigh.lo.proxy_delay = 80
net.ipv4.neigh.lo.locktime = 100
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.eth0.mcast_solicit = 3
net.ipv4.neigh.eth0.ucast_solicit = 3
net.ipv4.neigh.eth0.app_solicit = 0
net.ipv4.neigh.eth0.retrans_time = 100
net.ipv4.neigh.eth0.base_reachable_time = 30
net.ipv4.neigh.eth0.delay_first_probe_time = 5
net.ipv4.neigh.eth0.gc_stale_time = 60
net.ipv4.neigh.eth0.unres_qlen = 3
net.ipv4.neigh.eth0.proxy_qlen = 64
net.ipv4.neigh.eth0.anycast_delay = 100
net.ipv4.neigh.eth0.proxy_delay = 80
net.ipv4.neigh.eth0.locktime = 100
net.ipv4.neigh.eth0.retrans_time_ms = 1000
net.ipv4.neigh.eth0.base_reachable_time_ms = 30000
net.ipv4.neigh.wlan0.mcast_solicit = 3
net.ipv4.neigh.wlan0.ucast_solicit = 3
net.ipv4.neigh.wlan0.app_solicit = 0
net.ipv4.neigh.wlan0.retrans_time = 100
net.ipv4.neigh.wlan0.base_reachable_time = 30
net.ipv4.neigh.wlan0.delay_first_probe_time = 5
net.ipv4.neigh.wlan0.gc_stale_time = 60
net.ipv4.neigh.wlan0.unres_qlen = 3
net.ipv4.neigh.wlan0.proxy_qlen = 64
net.ipv4.neigh.wlan0.anycast_delay = 100
net.ipv4.neigh.wlan0.proxy_delay = 80
net.ipv4.neigh.wlan0.locktime = 100
net.ipv4.neigh.wlan0.retrans_time_ms = 1000
net.ipv4.neigh.wlan0.base_reachable_time_ms = 30000
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.medium_id = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.tag = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.promote_secondaries = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.tag = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.promote_secondaries = 0
net.ipv4.conf.lo.forwarding = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.accept_redirects = 1
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.accept_source_route = 1
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.lo.tag = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_accept = 0
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.promote_secondaries = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.eth0.secure_redirects = 1
net.ipv4.conf.eth0.shared_media = 1
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.conf.eth0.accept_source_route = 1
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.medium_id = 0
net.ipv4.conf.eth0.bootp_relay = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.eth0.tag = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_accept = 0
net.ipv4.conf.eth0.disable_xfrm = 0
net.ipv4.conf.eth0.disable_policy = 0
net.ipv4.conf.eth0.force_igmp_version = 0
net.ipv4.conf.eth0.promote_secondaries = 0
net.ipv4.conf.wlan0.forwarding = 0
net.ipv4.conf.wlan0.mc_forwarding = 0
net.ipv4.conf.wlan0.accept_redirects = 1
net.ipv4.conf.wlan0.secure_redirects = 1
net.ipv4.conf.wlan0.shared_media = 1
net.ipv4.conf.wlan0.rp_filter = 0
net.ipv4.conf.wlan0.send_redirects = 1
net.ipv4.conf.wlan0.accept_source_route = 1
net.ipv4.conf.wlan0.proxy_arp = 0
net.ipv4.conf.wlan0.medium_id = 0
net.ipv4.conf.wlan0.bootp_relay = 0
net.ipv4.conf.wlan0.log_martians = 0
net.ipv4.conf.wlan0.tag = 0
net.ipv4.conf.wlan0.arp_filter = 0
net.ipv4.conf.wlan0.arp_announce = 0
net.ipv4.conf.wlan0.arp_ignore = 0
net.ipv4.conf.wlan0.arp_accept = 0
net.ipv4.conf.wlan0.disable_xfrm = 0
net.ipv4.conf.wlan0.disable_policy = 0
net.ipv4.conf.wlan0.force_igmp_version = 0
net.ipv4.conf.wlan0.promote_secondaries = 0
I wrote another easy socket program by myself, strace it and find that the program blocked in the "accept" system call. How can I solve this problem, or what can I do to find out more clues? Thanks very much.
Last edited by henryouly (2007-06-16 12:17:34)

Lucke most likely nailed it. FWIW, all SYN_SENT means is that you weren't sent an RST and the SYN attempt silently failed for whatever reason. You can create the exact same state by sshing to a host that either doesn't exist on your network or is down. Probably if you were sniffing traffic on your network, what you'd see is several ARPs coming from your machine, and no answers, or an ARP request, and ARP reply, and then a SYN packet with no reply. In any case, it's most likely wrappers blocking access to the port.
Last edited by Snarkout (2007-06-08 14:32:02)

Security Sandbox Violation when trying to open new window

Hi guys
I have a flash button that I would like to open a new window
of a specific size when clicked. I found some code on a thread at
flashkit and tried that out, but when testing in flash I get the
following message:
*** Security Sandbox Violation ***
Connection to javascriptopenNewWindow('
http://www.designlogic.com.ph/assets/Web_pages/tropicanacomp.gif','height=500,width=500,to p=10,left=100,toolba
r=no,scrollbars=yes') halted - not permitted from
file:///C|/Users/James/Graphics/Websites/Design%20Logic/Raw%5FImages/Flash/flashbuttons/G allery%20icons/webPagesIcons/Tropicana1.swf
Here is the code I inserted into the actionscript:
on (release) {
getURL("javascriptopenNewWindow('
http://www.designlogic.com.ph/assets/Web_pages/tropicanacomp.gif','height=500,width=500,to p=10,left=100,toolba
r=no,scrollbars=yes') ");
I also tried steamrolling ahead and testing it from
dreamweaver after inserting the flash onto my page, but it doesn't
fucntion. No surprises there.
Would really appreciate it if someone could help me out with
this.

Oh its AS 2.0 by the way :)

How to enable socket connection?

I have allowed INTERNET permission, but my socket still blocked.
     <uses-permission android:name="android.permission.INTERNET" />
If I compile apk with -debug tag, then socket connection works, but my application runs very slow.
And I dont want to publish a release version with all my debug messages.
What is the standard way to open socket connection?
Thanks

               var s:Socket=new Socket();
                s.connect("ip_address", "port_number");
                s.addEventListener(Event.CONNECT, function(event:Event):void{
                    trace('connected!');
                s.addEventListener(IOErrorEvent.IO_ERROR, function(event:IOErrorEvent):void{
                    trace('error! ' + event.errorID);
                s.addEventListener(ProgressEvent.SOCKET_DATA, function(event:ProgressEvent):void{
                    var str:String=(event.currentTarget as Socket).readUTF();
There are examples out there. Fire up Google Search .

Security Sandbox Violation when calling a remote service from a worker

From my application, I make calls to a BlazeDS server, that works fine.
I added a worker that calls the same services on the same server. But then, only for the calls from the worker, I have a Security Sandbox Violation error. I launch the application from FB in debug mode.
This is the message :
Error: [strict] Ignoring policy file at http://xxxxxxxxxxxx/crossdomain.xml due to incorrect syntax. See http://www.adobe.com/go/strict_policy_files to fix this problem.
*** Security Sandbox Violation ***
Connection to http://xxxxxxxxxxxxxx/appstore-admin/messagebroker/amfpolling halted - not permitted from file:///D:/Projects/appstoreClientsNext/MultiAppstoreAdmin/bin-debug/MultiAppstoreAdmin.swf
Error: Request for resource at http://xxxxxxxxxxxxx/appstore-admin/messagebroker/amfpolling by requestor from file:///D:/Projects/appstoreClientsNext/MultiAppstoreAdmin/bin-debug/MultiAppstoreAdmin.swf is denied due to lack of policy file permissions.
What should I do to allow the worker to make remote calls ?

I made some progress on this. There are two different cases :
1) The service you want to access has a crossdomain.xml file
All the workers can access the service without a problem.
2) The service you want to access doesn't have a crossdomain.xml file
Whether you launch from FB in debug mode or you put your application on the same server you are trying to access, only the primordial worker will access the service, the other workers will encounter a security error.
I believe this is a bug. Shouldn't a worker have the same access privileges as the primordial worker ?

Socket connections blocked... (sandbox violation)

Similar Messages

Maybe you are looking for