从闪存进行 Amazon S3 安全访问
我正在尝试使用 ActionScript3 通过 SSL 访问 Amazon S3 存储桶中的文件。
当我使用这种格式时...
https://s3.amazonaws.com/bucket.name/filename
我收到安全沙箱错误。 “错误#2048:安全沙箱违规:”
当我切换到这种格式时......
https://bucket.name.s3.amazonaws.com/filename
它就像一个魅力(直到我在 Firefox 以外的浏览器上尝试它)。 它会为其他浏览器生成证书错误(主机名不匹配)。 一旦我添加了例外,它就可以正常工作。 但这不切实际。
第三个选项是理想的版本...
https://www.myowndomain.com/filename
...对所有浏览器都会产生相同的安全违规。 不用说,域是映射到桶的。
该存储桶有自己的 crossdomain.xml。
这些文件是自定义二进制文件。
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>
我仔细阅读了 Flash Player 10 的安全白皮书和新规则。到目前为止还没有运气。
有任何想法吗?
好吧,它变得更有趣了,我怀疑这就是导致问题的原因。 在清理我的存储桶名称时,我过于简单化了。 我的存储桶名称中有一个点,看起来这不是一件好事。
http://faindu.wordpress .com/2008/12/18/amazon-s3-flash-crossdomainxml-ie7-certifacte-error/
因此,如果有替代方案,我将不胜感激。
I am trying to access files in Amazon S3 bucket with SSL with ActionScript3.
When I use this format...
https://s3.amazonaws.com/bucket.name/filename
I get security sandbox error. "Error #2048: Security sandbox violation: "
When I switch to this format...
https://bucket.name.s3.amazonaws.com/filename
It works like a charm (until I try it on a browser other than Firefox). It generates a certificate error (host name mismatch) for the other browsers. Once I add exceptions it works fine. But that's not practical.
Third option which would be the ideal version...
https://www.myowndomain.com/filename
... generates the same security violation for all browsers. Needless to say, the domain is mapped to the bucket.
The bucket has its own crossdomain.xml.
The files are custom binary files.
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>
I went thru the security white paper and new rules for Flash Player 10. No luck so far.
Any ideas?
Ok it gets more interesting, and I suspect this is causing the problem. While sanitizing the name of my bucket, I oversimplified. My bucket name has a dot in it and appearently it is not a good thing.
http://faindu.wordpress.com/2008/12/18/amazon-s3-flash-crossdomainxml-ie7-certifacte-error/
So I would appreciate it, if there is an alternative to that.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这是由于浏览器限制造成的。 另外,如果您尝试从 AS3 访问 S3,那么您可能会使用 AS3 API非常有用,尽管这也会遇到浏览器限制:
This is due to browser restrictions. Also, if you trying to access S3 from AS3 then you'll probably fine the AS3 API quite useful though this too runs into browser restrictions:
在排除故障期间,您是否启用了 Flash Player 的策略文件日志记录功能? 您可以获得沙盒违规错误背后的更多具体信息。 请阅读以下内容,了解如何设置策略文件日志记录: Flash 中的策略文件更改Player 9 和 Flash Player 10
就个人而言,我怀疑您至少应该能够使第三个选项起作用,因为您能够在 https://www.myowndomain.com/crossdomain.xml - 但让我们看看您的跨域中有什么.xml。 我建议您在这里张贴一份副本,必要时进行消毒。 并且,告诉我们,您想要在播放器中加载什么类型的文件?
During your troubleshooting, did you enable the Flash Player's policy file logging feature? You can get more specific information behind the sandbox violation error. Read the following to learn how to set up policy file logging: Policy file changes in Flash Player 9 and Flash Player 10
Personally, I suspect you should be able to get your third option to work, at least, since you'd be able to host a crossdomain.xml at the root location of https://www.myowndomain.com/crossdomain.xml -- but let's see what you have in your crossdomain.xml. I suggest you post a copy here, sanitized if necessary. And, tell us, what kind of files are you trying to load in the player?