3.1 The Basics
» Running the server
In order to run SmartFoxServer follow the simple steps outlined at Chapter 1.3 for your operating system. Once the server is running you can monitor and control it by using the provided Administration Tool.
» Flash player: connection restrictions and cross-domain policy file.
The Adobe Flash Player provides a number of security restrictions when trying
to connect or access resources outside the domain where the SWF file
In other words, it is usually not possible to load resources or establish a socket connection to another domain
other than the one where the movie
For example if your SWF file is published on www.mywebsite.com, the Flash Player will refuse to load variables from www.anotherwebsite.com and even from a third level domain such as mydata.mywebsite.com
Especially after the release of Adobe Flash Player 9.0.115 new restrictions have been added for socket connections.
These limitations are controllerd by a cross-domain policy file: these files are simple xml files that can be loaded from the web root of the external domain you want to access, or they can be served via socket. When you are pointing the Flash Player to a resource outside the current domain it will try to load the policy file from the web root of the external domain and see if it can access the required resource.
Here's an example of a policy file:
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="www.gotoandplay.it" /> </cross-domain-policy>
<allow-access-from domain="*" />
» Loading policy files via socket
SmartFoxServer allows to deliver a crossm-domain policy file directly from the socket connection directly to the Flash Player.
We provide various ways for defining a custom policy in the main config.xml:
<AutoSendPolicyFile>true</AutoSendPolicyFile> <PolicyAllowedDomains> <AllowedDomain>gotoandplay.it</AllowedDomain> <AllowedDomain>smartfoxserver.com</AllowedDomain> </PolicyAllowedDomains>
You can alternatively define the whole cross-domain policy in an external file and specify it in the configuration to have it served via socket by SmartFoxServer:
For a detailed step-by-step discussion of the Flash Security model and the best practices to use in your Flash projects please follow this in-depth article.
Additional resources are also available from the Adobe website: