I'm trying to get my Flash application to connect via socket to my server, so I need to set up a socket policy file server. It seems like there are various roll-your-own implementations floating around out there, but is there any kind of standard or best practice with what to use? Some Google searches turned up nothing, so I'd be curious to hear the pros and cons of what other people have tried.
As an aside, it seems strange that Adobe imposes this restriction but doesn't make something readily available to support it.
I developed it, so I'm biased, but you might look at http://socketpolicyserver.com
- The software is packaged as a Debian package, making it easy to install, upgrade, delete, or purge on Debian systems.
- The software is written as an Apache module and uses configuration files that are relatively familiar to anyone using Apache.
- The software uses the cross-platform Apache Portable Runtime library, allowing the code to be relatively simple and easy to audit.
- The software is well-documented and includes logging capabilities and working configuration files.
Those are some of the best practices I used when designing and packaging the software. And here is a caveat:
- As of the date of this posting, the software has been in production use for several months without any glitches; however, please note that it has not been subject to heavy loads.
I know this isn't everything you asked - simply several pros and a caveat for one package.
Adobe has some detailed advice here:
Policy file changes in Flash Player 9 and Flash Player 10
The article covers a range of topics, including:
- How websites need to respond
- Policy file control
- DNS hardening
- Changes in behavior due to immediate strictness
- Malformed policy files
- Within-domain redirects
- Content-type whitelist
- Immediately strict sockets
- Meta-policies
- Socket policy files
See also this stackoverflow question.
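A minimal responder for the socket policy exchange discussed in this thread, as an added example that is not part of either answer or of any package mentioned above. It answers only the exact NUL-terminated request and serves a policy scoped to one domain and one port; `app.example.com` and port `5000` are placeholder assumptions.

```python
import socketserver

# Flash Player opens a TCP connection and sends this exact string plus a NUL byte.
POLICY_REQUEST = b"<policy-file-request/>\x00"

# Constructed policy: app.example.com and port 5000 are placeholders.
# Listing one domain and one port avoids the wildcard domain="*" / to-ports="*".
POLICY = (
    b'<?xml version="1.0"?>'
    b"<cross-domain-policy>"
    b'<site-control permitted-cross-domain-policies="master-only"/>'
    b'<allow-access-from domain="app.example.com" to-ports="5000"/>'
    b"</cross-domain-policy>"
)


def build_response(request: bytes) -> bytes:
    """Return the NUL-terminated policy for an exact request, else nothing."""
    if request != POLICY_REQUEST:
        return b""
    return POLICY + b"\x00"


class PolicyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(5)  # drop clients that connect and stay silent
        data = b""
        try:
            # Never read more than the request length; stop at the NUL terminator.
            while len(data) < len(POLICY_REQUEST) and not data.endswith(b"\x00"):
                chunk = self.request.recv(len(POLICY_REQUEST) - len(data))
                if not chunk:
                    break
                data += chunk
            self.request.sendall(build_response(data))
        except OSError:
            pass  # timeout or reset: close without replying


def serve(host="0.0.0.0", port=843):
    # 843 is the master socket policy port; binding below 1024 needs privileges.
    with socketserver.ThreadingTCPServer((host, port), PolicyHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```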