Applet Security FAQ

From WeBWorK_wiki
Revision as of 12:38, 13 July 2009 by Gage (talk | contribs)
Jump to navigation Jump to search

Crossdomain policy file for Flash Applets

  • The crossdomain.xml file is placed at the top level of the server -- in the directory accessed by http://myserver.edu/ -- NOT in the ...webwork2/htdocs file which is accessed by http://myserver.edu/webwork2_files
  • We use this low security crossdomain file. File name: crossdomain.xml
<?xml version="1.0"?>

  <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

  <cross-domain-policy>

  <allow-access-from domain="*" />

  </cross-domain-policy>
</xml>

Java security

  • There may be issues if one tries to use a java applet which is hosted

on a different site from the WeBWorK server. So far this is only noticed only on the Safari server which throws exceptions of the form Error: java.security.PrivilegedActionException: sun.plugin.liveconnect.OriginNotAllowedException: JavaScript is not from the same origin as the Java code, . Apparently Safari has stricter security rules.

  • This error will occur for example if the geogebra applet is not hosted on the webwork server. It is not immediately apparent to the user but the error messages can be found by looking at Safar's error console (in the developer menu)
  • Project: investigate which policy files are needed to avoid this problem.
Retrieved from "https://webwork.maa.org/mediawiki_new/index.php?title=Applet_Security_FAQ&oldid=5067"