Difference between revisions of "Applet Security FAQ"
Jump to navigation
Jump to search
| Line 4: | Line 4: | ||
| − | * The <code>crossdomain.xml</code> file is placed at the top level of the server -- in the directory accessed by <code> |
+ | * The <code>crossdomain.xml</code> file is placed at the top level of the server -- in the directory accessed by the url <code>myserver.edu/</code> -- NOT in the <code>...webwork2/htdocs </code> file which is accessed by the url <code>myserver.edu/webwork2_files</code> |
| − | * We use this low security crossdomain file |
+ | * We use this low security crossdomain file placed in <code>/opt/htdocs/</code> File name: <code>crossdomain.xml</code> |
<?xml version="1.0"?> |
<?xml version="1.0"?> |
||
| − | |||
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> |
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> |
||
| − | |||
<cross-domain-policy> |
<cross-domain-policy> |
||
| − | |||
<allow-access-from domain="*" /> |
<allow-access-from domain="*" /> |
||
| − | |||
</cross-domain-policy> |
</cross-domain-policy> |
||
</xml> |
</xml> |
||
| + | |||
* More information at: http://kb2.adobe.com/cps/142/tn_14213.html |
* More information at: http://kb2.adobe.com/cps/142/tn_14213.html |
||
=== Java security === |
=== Java security === |
||
| − | * There may be issues if one tries to use a java applet which is hosted |
||
| + | * There may be issues if one tries to use a java applet which is hosted on a different site from the WeBWorK server. So far this is only noticed only on the Safari server which throws exceptions of the form <code> Error: java.security.PrivilegedActionException: sun.plugin.liveconnect.OriginNotAllowedException: JavaScript is not from the same origin as the Java code, </code>. Apparently Safari has stricter security rules. |
||
| − | on a different site from the WeBWorK server. So far this is only noticed only on the Safari server which throws exceptions of the form <code> Error: java.security.PrivilegedActionException: sun.plugin.liveconnect.OriginNotAllowedException: JavaScript is not from the same origin as the Java code, </code>. Apparently Safari has stricter security rules. |
||
* This error will occur for example if the geogebra applet is not hosted on the webwork server. It is not immediately apparent to the user but the error messages can be found by looking at Safar's error console (in the developer menu) |
* This error will occur for example if the geogebra applet is not hosted on the webwork server. It is not immediately apparent to the user but the error messages can be found by looking at Safar's error console (in the developer menu) |
||
| − | * Project: |
+ | * Project: find out which policy files are needed to avoid this problem so that we can use geogebra hosted on sites other than the local webwork server. |
[[Category:Applets]] |
[[Category:Applets]] |
||
Revision as of 12:42, 13 July 2009
Crossdomain policy file for Flash Applets
- The
crossdomain.xmlfile is placed at the top level of the server -- in the directory accessed by the urlmyserver.edu/-- NOT in the...webwork2/htdocsfile which is accessed by the urlmyserver.edu/webwork2_files - We use this low security crossdomain file placed in
/opt/htdocs/File name:crossdomain.xml
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-policy> </xml>
- More information at: http://kb2.adobe.com/cps/142/tn_14213.html
Java security
- There may be issues if one tries to use a java applet which is hosted on a different site from the WeBWorK server. So far this is only noticed only on the Safari server which throws exceptions of the form
Error: java.security.PrivilegedActionException: sun.plugin.liveconnect.OriginNotAllowedException: JavaScript is not from the same origin as the Java code,. Apparently Safari has stricter security rules. - This error will occur for example if the geogebra applet is not hosted on the webwork server. It is not immediately apparent to the user but the error messages can be found by looking at Safar's error console (in the developer menu)
- Project: find out which policy files are needed to avoid this problem so that we can use geogebra hosted on sites other than the local webwork server.
