tags:

views:

490

answers:

1
Q: 

When using ajax Uploadify I keep getting a Security Error in my browser...

We are using Uploadify to upload images with our website. Currently when I click on Add photo,browse to my photo and select it. The uploadify status bar turns red and throws a message that says:

whatever.jpg (size 65.36KB) - Security Error

I have looked at the Apache logs and do not see any errors being thrown. We have reviewed all the image upload directories and the permissions look correct. We also ran FireBug and do not see any errors thrown when this message is thrown.

I have added a crossdomain.xml file in my Apache Document Root and it is accessible with a browser. But I am still not able to get past this error. I have tried a few crossdomain.xml's and this is my current one:

A: 

You need crossdomain.xml to establish domain trust. Rather lengthy explanation: http://kb2.adobe.com/cps/142/tn%5F14213.html

Brief example: http://www.youtube.com/crossdomain.xml

And here's a related SO question.

pluckyglen  2009-12-31 02:34:40
Thanks pluckyglen, where does this crossdomain.xml file need to live? Do I need to edit my Uploadify js file to specify the location?
roacha  2009-12-31 04:04:50
I tried adding this to my website's document root:<cross-domain-policy> <allow-access-from domain="www.whatever.com" /> <allow-access-from domain="whatever.com" /></cross-domain-policy>
roacha  2009-12-31 04:27:09
I think my problem might be the crossdomain.xml is getting redirected with my ReWrite commands in Apache. Do you know how to exclude xml files? Or the individual crossdomain.xml?
roacha  2009-12-31 04:58:21
I have my crossdomain.xml file in place and it is accessible. But I am still getting the security error. Do I need to specify anything about this file in the UPloadify config?
roacha  2009-12-31 16:05:38
I've never seen crossdomain.xml live anywhere other than the root of the web site, so I'm not sure if there are configurations that allow it to be elsewhere. I suggest using Fiddler (or Firebug's Net tab) to make sure Flash is getting what it needs. And of course the XML itself needs to be correct, but based on what you have above, it looks fine to me.
pluckyglen  2010-01-03 19:30:56

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security