TCL/TK Flash Socket Policy Server

For additional downloads, a Windows standalone zip and updated files, see:

http://zappmonkey.com/journal/flash-policy-server/

This week I was implementing a Rich Internet Application and informed everybody that they should update to the latest Flash Player, 9.0.115.0. After updating all the Flash Players I received an email telling me that the application didn’t work, and found that it also didn’t work on my newly installed Leopard Mac Pro.

After searching high and low I found the article ‘Security changes in Flash Player 9’ about the new security policy for the Flash Player and socket connections. I read the article and turned on logging of Flash Player security in the mm.cfg file.

After trying the application on about 5 machines (Linux, Windows, Apple) I found that on two newly installed Leopard machines it terminated the connection with a socket server because it could not connect to this new socket policy server. According to the article the Flash Player should only show this behavior in upcoming releases. To test that this was actually the problem I decided to write a small server in Tcl/Tk, because I had some script lying around anyway. You can view the code below:

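# Policy file to serve and the port Flash Player requests it on
set policyfile	/yourplace/docs/crossdomain.xml
set port      	843
set encoding  	iso8859-1

# Accept callback: answer as soon as the client has sent its request
proc policyRequest {sock clientHost clientPort} {
	puts "client connected from $clientHost $clientPort"
	fileevent $sock readable [list sendPolicy $sock]
	fconfigure $sock -buffering none
}

# Copy the policy file to the client in the background
proc sendPolicy { sock } {
	# Answer once only: the request is never read from the socket, so the
	# readable event would fire again while fcopy is still in progress
	fileevent $sock readable {}

	set name $::policyfile

	if {[file readable $name]} {
		set inchan [open $name]
		fconfigure $inchan -translation binary
		fconfigure $sock   -translation binary
		fcopy $inchan $sock -command [list sendPolicyDone $inchan $sock]
	} else {
		# No policy file available: send an empty line and hang up
		puts $sock ""
		close $sock
	}
}

# fcopy completion callback: release both channels
proc sendPolicyDone {file sock bytes {msg {}}} {
	close $file
	close $sock
}

# Listen for policy requests and enter the event loop
socket -server policyRequest $port
puts "Flash Policy Server is ready...."
vwait forever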

This is a very simple server, which provides the Flash Player with the crossdomain.xml policy file for that particular server. When testing it with my application I found that the policy logging showed that the connection could now be made from every machine (including the machines that couldn’t make the connection before). So my problems were solved, but this means that nice applications that connect to FTP, mail, VNC and other servers now need to run their own policy server or have it built into that server. This actually takes the fun out of the socket class in the AS3 library for me, unless you also write the server it is working with.

How to run the FPS Server
I will elaborate on how the FPS Server works and how you can run your own. Download the files you will need here: FPS-Server.zip.

To be able to run the server you will need Tcl/Tk installed on your machine. If you run a Mac you are ready to go, as the package comes pre-installed; for other systems go to ActiveState TCL and download the free Tcl/Tk package for your system.

Once you have Tcl/Tk installed, unpack FPS-Server.zip and put the content in a folder named ‘fps’ in the root of your system or any location you like. In FPS-Server.tcl you need to change one line.

change:

/fps/docs/crossdomain.xml

to:
on Mac, Linux:

/fps or your location/docs/crossdomain.xml

on Windows:

c:\fps or your location\docs\crossdomain.xml

Change the crossdomain.xml file as you normally would and save the file. Now open the terminal or command prompt and change the location to that of the ‘fps’ folder. On Linux and Mac/Unix you will need to run the server as root, because you're not allowed to open ports lower than 1024.
Enter the following line in the terminal and press enter:

sudo tclsh fps-server.tcl

on Windows (or double-click the server file):

tclsh fps-server.tcl

Now the server should be up and running. You can use this at your own risk of course, but I have had it running for a week now without any problems. It is very low on system resources.
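
To check what the running server actually hands out, the following added example (not part of the original FPS-Server files) requests the policy the way Flash Player does and flags wildcard grants in it. It assumes the standard socket policy format (allow-access-from with domain and to-ports attributes); fetch_policy, audit_policy and the sample reply are made up for this example.

```python
import socket
import xml.etree.ElementTree as ET

REQUEST = b"<policy-file-request/>\x00"  # request Flash Player sends, NUL-terminated

# Constructed sample reply: the widest policy a server could hand out.
SAMPLE = (b'<?xml version="1.0"?><cross-domain-policy>'
          b'<allow-access-from domain="*" to-ports="*"/>'
          b'</cross-domain-policy>\x00')


def fetch_policy(host, port=843, timeout=5.0):
    """Ask a policy server for its file; read until NUL or connection close."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(REQUEST)
        reply = b""
        while b"\x00" not in reply:
            data = s.recv(4096)
            if not data:
                break
            reply += data
    return reply


def audit_policy(raw):
    """Return findings for a policy reply; an empty list means no wildcard grants."""
    try:
        root = ET.fromstring(raw.rstrip(b"\x00").strip())
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "cross-domain-policy":
        return [f"unexpected root element <{root.tag}>"]
    findings = []
    rules = root.findall("allow-access-from")
    if not rules:
        findings.append("no allow-access-from rule, nothing is granted")
    for rule in rules:
        domain = rule.get("domain", "")
        ports = rule.get("to-ports", "")
        if domain == "*":
            findings.append(f"any domain may connect (to-ports={ports!r})")
        if "*" in ports:
            findings.append(f"domain {domain!r} may reach every port")
    return findings


if __name__ == "__main__":
    for line in audit_policy(SAMPLE):  # or: audit_policy(fetch_policy("localhost"))
        print(line)
```

A policy that names the one domain your SWF is served from and the one port your socket server listens on produces no findings.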

Hope this was of any help to you.

