next »

[tamat]

Hi Everyone!

I've been coding a flash game lately and I wanted to add multiplayer support.
So I coded my server (using python) and connect my game using a socket to the server.

Everything works perfect when I test it locally on my computer, but if I try to upload the server side to my host, then all the Security problems related to flash appear.

I've been reading a lot about how the security measures of flash work, I added the crossdomain.xml to my server root:

<?xml version='1.0'?>
<cross-domain-policy>
     <allow-access-from domain='*' to-ports='*' secure='false' />
</cross-domain-policy>

but when the game tries to connect, the first thing it does is to open the socket and send this message:

"<policy-file-request/>"

I was hoping it would send the message to the http server on port 80 but no, it goes right to the game server port. So I decided to dump the xml on to the socket from the server side.

But right after it closes the socket and there is nothing I can do to keep the socket open.

Has anybody experience this?

Thanks to everybody.

[bateleur]

I've used sockets from Actionscript connecting to my server before.

You need to run the server-side code continuously, not in response to some client-side activity. Start the thing as a daemon and just leave it running permanently, listening to the relevant socket.

[tamat]

emmm, yeah, I know, I mean, if the server is not running permanently I know it wont work.

I have a python app that when it is executed (from the shell) it opens a socket and wait for connections, everytime there is a connection spawns a thread to process incomming trafic from that client (with all the game logic involved).

The problem is that when I tell from action script to open a socket to the server the only connection I get at the server (from the flash) is the one asking for policy files, and when I send the policy file the flash closes the socket so there is no way I can connect to my server.

If I run it in local (server in local too) there is no negotiation of policy, it just opens the socket and I can start sending data through without problems.

Thanks anyway

[grapefrukt]

which port are you connecting to?
is the socket server running on the same (exact) domain as the server hosting your swf?

[bateleur]

OK, so suppose you do something like this:

Code:

socket = new XMLSocket();
socket.addEventListener(Event.CONNECT,onConnectFn);
socket.addEventListener(IOErrorEvent.IO_ERROR,onFailFn);
socket.addEventListener(DataEvent.DATA,onXMLFn);
socket.connect(serverIP,serverPort);

...which of your handlers actually gets called?

[george]

You need to use two connections. One to get the policy file; close the connection; then one (open continuous) to run the game.

edit: I'm not an expert on policy files, I just play one on forums.

[tamat]

Ok, sorry for taking some time to answer the posts, I wanted to test everything I could but I run out of ideas, It doesnt works, so lets explain again the situation:

I have a flash game that connects to my server (python app coded by me with sockets listening in port 50000). My game multiplayer feature works perfectly when I run the server in the localhost, but when I run it on my host, flash doesnt want to connect.
I connect using this:

Code:

socket = new Socket(host,port);
			socket.addEventListener(Event.CONNECT, onConnect);
			socket.addEventListener(Event.CLOSE, onClose);
			socket.addEventListener(IOErrorEvent.IO_ERROR, onError);
			socket.addEventListener(ProgressEvent.SOCKET_DATA, onResponse);
			socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onSecurityError);

And the security error message jumps every time. So Security Sandbox Problem. I read about crossdomain.xml and tryed to fix the problem.

I have a http server running on my host (in port 80), so I added the crossdomain.xml to my http server root folder, expecting the flash to ask for the file before stablising any connection.

I was worryed that if Im going to connect through a socket to port 50000 probably flash will ask for the policy file to that port, so I tryed to force flash to ask the policy file from port 80.

Code:

Security.loadPolicyFile("http://" + server_host + "/crossdomain.xml");

It loads the security file, throws some warnings on the console related to using 'secure' in a http connection, and something about meta-policy and 'master-only'. But the connection problem persist.

Then I discovered that the socket in my server was being opened but receiving a message that I didnt send from my flash client, the message was this: '<policy-file-request/>'

So I guessed that if I response to that request with a message containing the policy file all will be solved (and the documentation says so), so I send my policy file through my socket dumping the next string on the socket:

<?xml version="1.0"?>
<cross-domain-policy>
        <allow-access-from domain="*" to-ports="*" secure="false"/>
</cross-domain-policy>

Then the host closes the socket (which is the expected behaviour) but my flash console says that the file sintax is wrong so no policies applied.

End of the story

So please, can anybody enlighten me here?

[george]

tamat, did you go to that link? It's dealing with the same problem, I thought there was a solution but maybe there wasn't? 

[bateleur]

That policy file looks OK to me. I seem to recall not using an XML version header myself, but it should at least ignore that.

Seems like it should work.

[tamat]

The point here is that flash keeps telling me that the policy file sent through the server has wrong sintax. I though maybe it was a problem with the codification, but I just write plain ASCII to the socket. I saw that some people write '\0' at the end, I tried too but nothing.

George: I read your link carefully, there were some good ideas, but none that apply to my case. I still haven't tryed to use two servers, one for the policy and one for the game itself.

I also wanted to check the traffic on the network to see which packet does flash receive because from the server side Im ensuring the packet has only the policy file data, nothing else (no linebreaks, extra info, etc).

bateleur: I tryed removing the extra xml info and it is still not working, thanks anyway.

Thanks you anyway to both.

[bateleur]

OK, next thing to try is: instead of calling loadPolicyFile from Flash, try a test using a local Python script to send "<policy-file-request/>" to your server socket and see exactly what you get back. (I know what you think you're sending back, but it may not be the same thing.)

[tamat]

aaaaaaaaaaaaaaaaarg  

I did what you told me bateleur and... there was some trash info inside (so george, you were also right, the solution was on your link).

The problem was that as soon as somebody connected to my server I send them some initial info, and I wasnt preventing that from happening when flash was requesting the policy file. So the XML was wrong blah blah blah

Now it works. Thanks a lot to everyone and specially to bateleur and george. I really appreciate your tips