Bingo Blog
Search
Subscribe Using RSS
Recent Blog Posts
- Online bingo "all grown up"
- Team Parlay Really Rocks
- A Look Back at ICEi 2008
- Security Changes in Flash Player 9.0.115.0
- Online Bingo Site has Big Heart
- ICEi Day 3: The ICEi is melting
- ICEi Day 2: Let's make a deal over drinks!
- ICEi Day 1: Let the Games Begin!
- Pondering the Proposed Purchase of Parlay
- Parlay Set to Heat Up ICE
Recent Stories
Bingo Bookmarks
- Promoting Your Online Bingo Site
- Bingo Link Magazine
- Parlay’s BingoBlast Newsletter
- 3rd Annual Online Bingo Summit Update
- The Social History of Bingo in the UK
- Online Bingo Traffic Rankings in Real Time
- ShouldThisBeCensored.com
- Avoid Disputes: Prize Share Agreement
- White-Listed Bingo Sites and Networks
- Photos from the Online Bingo Summit 2007
- Big Box Bingo
- BingoClubs.co.uk
Security Changes in Flash Player 9.0.115.0
Cross-domain Security
In Flash Player 9.0.115.0 and up, Adobe has added new strictness to the way it handles cross-domain security. If you have one .swf file trying to access a .swf on another domain, that other domain must have a crossdomain.xml file located at its webroot, otherwise the request will fail. In our case, when Bingo loads, it may try to access files located on a separate server or retrieve transaction data from the gameserver. If a crossdomain.xml file is not found, or otherwise determined to be invalid, the application may behave erratically eg. may not get past the loading screen.
Socket Policy files
Additionally, security strictness has been enforced on XML socket connections. The chat in Bingo uses such a connection, and now requires a security policy file to be served to it from the server via the chat port, before any socket connections can be performed. In our software, a flashpolicy.xml file is located in the config/ folder of the chat application. The contents of this file is similar to a crossdomain.xml file. If the flashpolicy.xml file is missing, or otherwise determined to be invalid, players will be unable to join a chatroom.
Join flooding
A related issue to socket security strictness has also appeared with the players using Flash Player 9.0.115.0. If a player loses his/her connection after being connected to a chatroom, the chat client will continuously and endlessly flood the server with join requests until the player closes the window. In versions 4.2.7 and up of our software, the multiple occurrences of the player in the chatroom are hidden from the user both in the Flash client and Chatterbox, but can still cripple the server.
Normally, when a player loses their connection, the chat client will reconnect according to a back-off algorithm. It will first try to re-establish the connection immediately, and if it fails, it will wait 0.5 seconds before retrying. If that fails, it waits 1 sec, then 2, 4, 8, 16, 32, 64 and finally 128 seconds. If there is no connection established after 128 seconds, a failure message will appear on the client’s screen.
The flooding occurs because an additional retry attempt is performed automatically by the Flash Player (version 9.0.115.0), whenever the player re-establishes their internet connection. This additional retry attempt is unaccounted for, and interferes with the reconnection algorithm. Instead of waiting the previously mentioned wait times, the connection attempts are immediate and infinite.
Solution
Parlay Entertainment has created two version-specific hotfixes to address these issues. The first addresses the cross-domain security and socket policy files, while the second addresses join flooding. These security changes only affect users running the Flash Player 9.0.115.0, and the issues described above cannot be replicated on any computer running a version of Flash Player 9.0.47.0 or lower.