3.1 The Basics

» Running the server

In order to run SmartFoxServer follow the simple steps outlined at Chapter 1.3 for your operating system. Once the server is running you can monitor and control it by using the provided Administration Tool.

» Flash player: connection restrictions and cross-domain policy file.

The Adobe Flash Player provides a number of security restrictions when trying to connect or access resources outside the domain where the SWF file is published. In other words, it is usually not possible to load resources or establish a socket connection to another domain other than the one where the movie is located.

For example if your SWF file is published on www.mywebsite.com, the Flash Player will refuse to load variables from www.anotherwebsite.com and even from a third level domain such as mydata.mywebsite.com

Especially after the release of Adobe Flash Player 9.0.115 new restrictions have been added for socket connections.

These limitations are controllerd by a cross-domain policy file: these files are simple xml files that can be loaded from the web root of the external domain you want to access, or they can be served via socket. When you are pointing the Flash Player to a resource outside the current domain it will try to load the policy file from the web root of the external domain and see if it can access the required resource.

Here's an example of a policy file:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
	<allow-access-from domain="www.gotoandplay.it" />

The first 2 lines declare the document type and the following 3 are those you have to edit. In this case we are allowing connections from www.gotoandplay.it domain but you could also allow all domains by substituting the 4th line with this one:

 <allow-access-from domain="*" />

This XML file should be always saved under the name of crossdomain.xml and it should be placed in your web root folder. In the case of www.gotoandplay.it the file should be reachable at this url: http://www.gotoandplay.it/crossdomain.xml

» Loading policy files via socket

SmartFoxServer allows to deliver a crossm-domain policy file directly from the socket connection directly to the Flash Player.
We provide various ways for defining a custom policy in the main config.xml:


You can alternatively define the whole cross-domain policy in an external file and specify it in the configuration to have it served via socket by SmartFoxServer:


For a detailed step-by-step discussion of the Flash Security model and the best practices to use in your Flash projects please follow this in-depth article.

Additional resources are also available from the Adobe website:

doc index