Port ranges may include the wildcard
*
, individual port numbers, port ranges separated by dashes, or
comma-separated lists of individual numbers and/or ranges. The
allow-access-from
is ignored, although
other directives in the same policy file may be valid and accepted.
Ignoring 'secure' attribute in policy file from %s. The 'secure' attribute is only permitted in HTTPS
and socket policy files.
A found a policy file contained one or more <allow-access-from> directives that specified the attribute
secure="true|false", but this is neither an HTTPS policy file nor a socket policy file. Remove the secure
attribute from this policy file.
The secure attribute has been ignored, but the <allow-access-from> directive is not necessarily being
ignored (there will be a further error message if it is). The secure attribute is only legal in HTTPS policy
files and socket policy files. This rule has been enforced since policy files were first introduced. This is
because the policy file itself is not being transmitted over a tamper-resistant protocol, so a
man-in-the-middle attacker could replace a secure="true" declaration with secure="false", which would
then allow a non-HTTPS SWF file to retrieve data from this domain, contrary to the policy expressed in
this policy file.
7.6.5 Flash only messages
Theoretically, Acrobat clients should not receive these messages. However, since Acrobat leverages the
Flash model, these are provided for informational purposes.
Root-level SWF loaded %s
Only pertinent to Flash.
Found secure='true' in policy file from %s, but host %s does not appear to refer to the local
machine. This may be insecure.
Only pertinent to Flash and socket policy files.
Request for resource at %s by requestor from %s has failed because the server cannot be
reached.
Only pertinent to Flash.
Ignoring socket policy file at %s because it is too large. Socket policy files may not exceed 20
kilobytes.
Only pertinent to Flash and socket policy files.
Policy file from %s will permit SWF from %s to connect to a socket on host %s. This configuration
is deprecated.
Only pertinent to Flash and socket policy files.
SWF from %s may not connect to a socket in its own domain without a policy file.
Only pertinent to Flash and socket policy files.
Policy file from %s does not permit SWF from %s to connect to a socket on host %s, due to
meta-policy '%s'.
Only pertinent to Flash and socket policy files.
SWF from %s will be permitted to connect to a socket in its own domain without a policy file. This
configuration is deprecated.
Only pertinent to Flash and socket policy files.
[strict] Requesting socket policy file from %s due to socket connection request from SWF at %s.
Only pertinent to Flash and socket policy files.
Section 7 Cross Domain Configuration
Application Security Guide
Page 74
Section 7 Cross Domain Configuration