lecosson / assql

Automatically exported from code.google.com/p/assql
0 stars 0 forks source link

IOError security sandbox violation returned when initiating query from remote site #51

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

When running a swf from the internet even when on the same domain as the
database:

var connection:Connection = new Connection("andrograde.com", 3306, "account
login", "some password", "db");         
                connection.addEventListener(IOErrorEvent.IO_ERROR, function
(e:IOErrorEvent):void {
sandbox error 2048 is caught here
}

Even though there is a valid crossdomain.xml file at
http://andrograde.com/crossdomain.xml and
Security.loadPolicyFile("http://andrograde.com/crossdomain.xml"); is used
and mysql remote access is set to allow (in hosting control panel).  A test
php file at http://willperone.net/testdb.php which accesses this same
database works successfully.

Running the swf from local machine works successfully as well.

What is the expected output? 
AsSQL is able to retrieve the database information requested

What version of the product are you using? On what operating system?
Beta 2.6

Please provide any additional information below.
An example of this error occurring can be seen at:
http://andrograde.com/BeatMeUpToo/BeatMeUpToo.php
A dialog box will come up short after loading that will show the sandbox
violation.  The weird thing is that the crossdomain file appears to work
and the test php file on willperone.net works as well not to mention that
the running swf is on the same domain as the db it's accessing (although
that can't be assumed in the general case).  Not sure what is going on
behind the scenes there to cause that...

Original issue reported on code.google.com by will.per...@gmail.com on 21 Jun 2008 at 3:15

GoogleCodeExporter commented 9 years ago
I'm not sure if this is an issue with remote mysql access or in assql; I am 
checking
into both potential issues.

Original comment by will.per...@gmail.com on 21 Jun 2008 at 4:47

GoogleCodeExporter commented 9 years ago
As of flash player 9.0.124.0 even connections connecting to the same domain 
name need
a policy file server.

Please read the security page for more information.

http://code.google.com/p/assql/wiki/SecurityInformation

Original comment by macl...@gmail.com on 22 Jun 2008 at 11:32

GoogleCodeExporter commented 9 years ago
Sorry; the problem ended up being from my hosting company's server not being
compliant with the port 843 socket policy file request (getting my hosting 
company to
comply with that will be a whole other story...)

Original comment by will.per...@gmail.com on 22 Jun 2008 at 11:45

GoogleCodeExporter commented 9 years ago
Ah yes.

If they do not end up getting port 843 setup properly, you can also setup the 
policy
server using a different port, then onCreationComplete you can load the policy 
file
from a different port by specifying the url.

Let me know how it goes.

Original comment by macl...@gmail.com on 22 Jun 2008 at 11:58

GoogleCodeExporter commented 9 years ago

Original comment by macl...@gmail.com on 23 Jun 2008 at 12:00

GoogleCodeExporter commented 9 years ago

Original comment by macl...@gmail.com on 23 Jun 2008 at 12:01

GoogleCodeExporter commented 9 years ago
Do you have an example of how to do this?  I looked at the PHP daemon example 
but am
unsure how to actually set up the Actionscript code to use that instead of 
doing the
default behavior looking for the policy file.

Original comment by will.per...@gmail.com on 23 Jun 2008 at 12:01

GoogleCodeExporter commented 9 years ago

Original comment by macl...@gmail.com on 23 Jun 2008 at 12:01

GoogleCodeExporter commented 9 years ago

Original comment by macl...@gmail.com on 23 Jun 2008 at 12:03

GoogleCodeExporter commented 9 years ago
I do believe in actionscript you call
"Security.loadPolicyFile("http://mydomain.com:845");"

I am not 100% sure, but its something like that. You cannot however use port 80
because flash player only sends "<policy-file-request />\0" to the port, and 
expects
the policy file to be returned.

Original comment by macl...@gmail.com on 23 Jun 2008 at 12:05

GoogleCodeExporter commented 9 years ago
Isn't this what is used to load the crossdomain file though?  Does it try to 
load
both files from the same port?

Original comment by will.per...@gmail.com on 23 Jun 2008 at 12:11

GoogleCodeExporter commented 9 years ago
I think when you specify a port, it knows to load the socket policy file.

Original comment by macl...@gmail.com on 24 Jun 2008 at 4:04

GoogleCodeExporter commented 9 years ago

Original comment by macl...@gmail.com on 24 Jul 2008 at 12:37