cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Flash 9 Security, Policiy Files and Connecting to Cross-Domain Data

Former Member

on ‎03-30-2009 1:05 PM

0 Kudos

This is still related to my request for help with XML but I thought I'd better post a new thread: this is taking me way beyond xml.

Thanks to Charles Davies and Matt Lloyd, I have my first working dashboard being fed by xml data (no big deal for most of you but it was for me!). In the process, Matt drew my attention to new security features in the flash player 9 and later and it turns out it is a bit of a make or break issue.

I have a dashboard which is ready to take its data from an xml file that will be updated every day. The dashboard itself will be distributed to over a hundred unrelated users. So in order for the dashboard to refresh on the xml data, each user's flash player needs to be able to load data cross-domain. It ruens out that you can't just do that since the flash player 9. You need to create a policy file.

I tried to read the many articles on the Adobe web site but they are way beyond anything I understand. It looks, though, as if the policy file is something that gets written in actionscript. If I got that bit right, then it is worse than I thought because you have to embed that file into the flash application I guess, and you can't do that in xcelsius so...you're stuck and cannot referesh data cross-domain.

Or maybe I completely misunderstood that and the policy file has to be read by the flash player directly, but I don't have a cue where that policy file should reside.

Does anyone have any experience of this and could you please tell me if I have any chance of making sure the dashboard, once distributed, does load in the xml data (I suppose this issue is not just with xml data).

If that is not possible, then what is my next option to enable online data refresh (note: I do not use any other bobj or SAP products)?

Thank you for your suggestions. I have completely stalled.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎03-31-2009 7:46 PM
0 Kudos

🐵 and for some more fun the Flash Security is different depending on where you run the SWF:

1). If you run the SWF from a web server (http:/...) then use the cross domain policy file on the web server that has your XML file (unless is is the same web server).

2). If you run the SWF from your PC then you have to make the SWF trusted on that PC (this does not count as cross domain) so it has permission to access remote data.

Regards,

Matt

Show replies
Show replies
Former Member
‎03-31-2009 10:18 PM
0 Kudos

Oh Matt no...I liked you so much up until now!

Nah, still like you and thank you very much - again - for the info. But...I suspect only the end-user can make the swf trusted. So do I take it that when I distribute a version of the dashboard to end-users and it tries to connect to the xml data, the user, through the flash player (in my case though a pdf calling on the flash player to display the dashboard) will be presented with am option to make that swf trusted.

Rather than annoying the hell out of everyone I should really try to test this. Got to rent myself some web space somewhere. I hope this is useful for others too though.

Former Member
‎04-01-2009 12:19 AM
0 Kudos

I think that before PDF reader 9 the embedded SWF could get data from the web (like you can when in Xcelsius preview).

In PDF Reader 9 they have changed that so you have to make the SWF trusted inside the PDF reader (different from using the online Settings Manager).

Your best bet might be one of:

1). Put the dashboard (SWF) on a web server and email a link to people so they are running it from the web in the first place (so no need to be made trusted).

2). Export to Adobe AIR (as a SWF in AIR can read data from the web) but that means each PC needs the AIR runtime and you have to install the AIR version of your SWF...

Option 1 may be best for what you are doing...

Regards,

Matt

Former Member
‎04-01-2009 8:08 AM
0 Kudos

That's brilliant. I think I have all the options I need to explore thanks to Rich and you.

Thanl you for helping me move on.

Former Member
‎04-01-2009 8:27 AM
0 Kudos

Hi Cricri

If you need any help testing this before letting it loose on your users let me know.

Regards

Charles

RichHeilman
Developer Advocate
Developer Advocate
‎03-31-2009 2:33 PM
0 Kudos

The crossdomain.xml file must be at the root of the web server which is providing the data. For example, see this video linked in this thread.

Regards,

Rich Heilman

Show replies
Show replies
Former Member
‎03-31-2009 3:40 PM
0 Kudos

Cool. Thanks a lot Rich.

Former Member
‎03-31-2009 5:05 PM
0 Kudos

Hi rich. I foolwed the thread to enterprisegeeks and I get a feed error. I cannot watch the video.

I don't understand the jargon for the various references to ABAP and web services etc, but if we start from the principle that the server has no other object than to hold the xml file, do I just put the policy file in the root server and that's it? I need to get a test server sorted out.

RichHeilman
Developer Advocate
Developer Advocate
‎03-31-2009 7:39 PM
0 Kudos

Link works fine for me. But yes, basically you just need to make sure that the crossdomain.xml file is at the root of the web server where you are accessing the data.

Regards

Rich Heilman

Ask a Question