This is a discussion on VMS socket policy files - VMS ; Hi, Is any VMS System/Network Manager out there implementing (or looking to implement) a Socket Policy File a la mode de: - http://www.adobe.com/devnet/flashpla...icy_files.html It seems they've really tightened things up a bit with the "to ports" port level granularity eg: ...
Is any VMS System/Network Manager out there implementing (or looking to
implement) a Socket Policy File a la mode de: -
It seems they've really tightened things up a bit with the "to ports" port
level granularity eg: -
and the centralized port for Policy File Servers as in: -
[Adobe has filed with IANA, the Internet Assigned Numbers Authority, to
reserve port 843 for the purposes of serving socket policy files. By
introducing a centralized location for socket policy files, Flash Player
enables a system administrator to define what ports are available through
one master policy that overrides any other policy file on the host. If Flash
Player 9,0,124,0 cannot retrieve a master policy file from port 843, then it
requests a socket policy file on the port where it is trying to connect.
However, if a policy file is available from a service on TCP port 843, then
Flash Player considers that to be the authoritative set of permissions for
Now, I'm not keen that the request is null-terminated and will require a
specialized policy-file-server, and I'm a bit suss about anyone getting a
copy of a hosts security access restrictions by just asking, but hey it's a
****-load better than what those xenophobic little-HTTPers over at HTML5
have to offer!!! (Oooh, we use HTTP headers and bollocks handshakes to
ensure that everyone will suffer the tyranny of ports 80/443 for ever more!)
SUN/Java (as of 1.6_10) is following Adobe, and Microsoft Silverlight is
also falling into line (as well as doing their own thing surprise, surprise)
so I'd suggest you pay attention to it. Look, I'm all for the status quo of
same-origin policy, but this whole mash-up thing seems to be spreading
further than Ajax and well and truly into Sockets.
Anyway, I'm guessing that the pig-ignorant, jobs-worth slime that are in
charge of most VMS systems in the world today will steadfastly refuse to
punch *any* holes in their firewalls at all (as it might increase the amount
of "monitoring" they have to do, but at least don't say you weren't told!
Cheers Richard Maher