Enabling cross-domain data loading for Flash

For security reasons, some applications (notably Adobe Flash Player) prevent cross-domain loading of data by default. Using a cross-domain policy file, you enable Flash to allow or disallow content from particular domains. See the cross-domain policy file usage recommendations for Flash Player (http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html).

Because the BMC Real End User Experience Monitoring product has Flash widgets embedded in its user interface, you must manage the cross-domain data loading to secure the system, as described in the following sections. To perform these procedures, you must have Security-level access.

Warning

A cross-domain policy file must be used carefully, because it can expose your system to attacks.

Cross-domain policy file structure

Flash uses a cross-domain policy file (crossdomain.xml) is used by Flash to indicate that its data is available to files served from outside its own domain. It indicates availability by listing domains for which access is allowed.

The hierarchy of a cross-domain policy is presented below:

<cross-domain-policy>
  <allow-access-from/>
</cross-domain-policy>

The following code is the cross-domain policy code that comes with the system. It allows access from all domains by default.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>
<cross-domain-policy> reference

The following table describes the elements used in the cross-domain policy file.

Elements of the cross-domain policy file

Element

Cardinality

Description

Required

<cross-domain-policy>

None

Root element of the cross-domain policy file and container for the rest of the policy
 elements

Yes

<allow-access-from>

0 .. *

Specifies that access to data is permitted from this system

Yes

domain

None

A domain name, for example, www.example.com
An IP address, for example, 105.216.0.40
A domain name with a wildcard, for example *.example.com
A wildcard, for example, *, which allows access from all domains

Yes

To allow access from specific domains

  1. In a Real User Analyzer component, point to Administration > Security settings and click Cross-domain policy.
  2. On the Action menu, click Edit.

  3. Edit the cross-domain policy file so that it looks as follows:

    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
      <allow-access-from domain="\*.bmc.com"/>
      <allow-access-from domain="10.160.15.5"/>
      <allow-access-from domain="10.160.16.*"/>
    </cross-domain-policy>

    Note

    The asterisk character * is a wildcard that represents any value.

  4. Click Save.

The system now allows access from specified domains only.

To turn the cross-domain policy file on or off

  1. In a Real User Analyzer component, point to Administration > Security settings and click Cross-domain policy.
  2. On the Cross-domain policy page use the ON / OFF switch.
     When the cross-domain policy file is turned OFF, the system does not allow access from any domain.

To reset the cross-domain policy file

  1. In a Real User Analyzer component, point to Administration > Security settings and click Cross-domain policy.
  2. On the Action menu, click Reset.
  3. Click OK.
     This action resets the contents of the cross-domain policy file to the system defaults (allowing access from all domains).

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*