Problem is, it’s very hard to find the simple How-Tos for common situations in all this text. I spent many days scouring and tinkering to figure out the security solution to my application: a flash-based video viewer that would connect into a server and display Motion-JPEG frames that get streamed in.

Hopefully I’ll help save someone else the same hours of research and playing with this problem. My solution is such:

You first need up a simple service on the server you want to connect into that serves the crossdomain.xml content that defines your security policies.

I use a modified version of the service found here: http://www.lightsphere.com/dev/articles/flash_socket_policy.html. It’s updated to be a full Daemon process, so you need Proc::Daemon and Proc::PID::File installed.

Please note:

<site-control permitted-cross-domain-policies=”all”/>

is the required addition to make this script work with Flash 10. Also, if you are worried about corporate firewalls blocking ports < 1000, simply change $port to something bigger, and add the following to your Flash client:

And you're good to go!