Share flex socket traffic sandbox and security policy issues

One, sandbox, and security policy issues
    1, this problem occurs when connecting, exactly before connecting, two things:
        1. Local playback
   local playback, Flash Player will not allow SWF access to any network by default.
   Access Http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_ manager04.html, you can remove the limit by adding SWF to the license list.
    2.WEB Publishing
   Publishing swf on the web will likely face cross-domain problems.

    2, in Flash, there are two modes of communication:
1.HTTP: such as urlloader for loading remote SWF, file, image, audio and video streams.
2.Socket main: such as Xmlsocket, used to establish a long-lasting connection with the remote server.
Flash PLAYER6 The above version introduces the security policy file, before the formal communication, will check the target location for legitimate security policy, to prevent the application in different domains unlimited arbitrary visits.
in HTTP mode, Flash player checks the target domain root for crossdomain.xml and, if so, gets and analyzes its contents (described later) to determine whether to allow continued access.
Socket mode, Flash player to obtain a security policy is slightly more complex, starting from 9.0.115.0, the standard steps are as follows (the following description of IE as the standard, exceptions):
1 first to the target host 843 port connection, and send a string, Content is "<policy-file-request/>" and waits for the security policy file to be returned and analyzed.
2) If 1 fails, check if the as code uses the Security.loadpolicyfile ("xmlsocket://Host: Port") method to load the security policy file, and if so, get and parse it.
3) If 2 fails, initiates a request to the "target host: Port" in the as code that is about to be connected, the process being the same as 1.
4) If a security policy file is successfully obtained and is analyzed to allow a connection to be established, continue with the Connect () method, at which point a connection to the target host is actually attempted.

3. Solution
HTTP connection way not to say, just say the Socket way.
1 Write a program on the server, listen to 843 ports, and send the appropriate policy content (Crossdomain.xml) back to the client when "<policy-file-request/>" is received.
2 The policy file is loaded through Loadpolicyfile () in as as the xmlsocket://, rather than http://, should be used here.
3 when "<policy-file-request/>" is detected in the standard service port, the policy content is returned.

4. Exceptions and test results
The test found that in Ie,opera, Flash player will strictly follow the above steps to check the security policy.
In FireFox, when a connection is made in Chrome, Flash player does not send "<policy-file-request/>" to the server, but is connected directly to success. This should be the reason for the different implementations of Flash player.

5. Problems in data transmission
In the Xmlsocket data transmission, need to pay attention to the following details, otherwise it will come out some inexplicable problems.
1. End symbol
When a xmlsocket receives data from the server, it is placed continuously in the receive buffer until a "" byte (ASCII value of 0) is received, and the corresponding OnData or Onxml event is called.
If the server is written in Java and uses a standard string family, then the end of the send data should be manually added "".
If you write in C + +, because the standard string type in C + + is to mark the end of byte 0, there is no need to add "".
* C + + should pay attention to another problem, if the string processing itself, in determining the length of the string, the standard strlen and string.length () and so on return are the actual number of valid characters, eventually sent to the network, the total length should be added 1 bytes, to accommodate the end of the byte 0.
* This problem also exists when sending security policy content, so it needs to be valued.

2. Chinese question
By default, no matter from which end of the data sent to the other end, if the inclusion of Chinese characters, will produce garbled phenomenon, the solution is two:
1. Adding "system.usecodepage=true;" to force the use of local code sets in as, this method is most convenient, but there will still be garbled on the cross language platform.
2. In the code to write the transcoding function, this method is more complicated, but the universality is strong. A lot of specific transcoding algorithm online, mainly the C + + server needs, Java in the use of JDK class conversion to UTF-8 can