FYI, The crossdomain file can be placed (and not required to be called "crossdomain.xml") as long as the widget is aware of it's location

For instance I create WidgetABC and make it private. Inside WidgetABC's code is

System.security.loadPolicyFile("http://yourserver.com/supersecretplace/bobGroceryList.xml");

where bobGroceryList.xml is actually a crossdomain.xml file

This is one way of limiting access instead of just placing a crossdomain.xml at the root of your server where Flash will look for it by default.

From what I understand if you wanted to get even tricker with it you could pass the Chumby ID as a variable to a script which then could return a valid crossdomain.xml file if the ID is correct

jvc... thanks a bunch for that information.   It sounds like that should accomplish what I need.  "Technically" it's security by obscurity.. but I'm not planning on using it for a shopping cart or to hand out SSN's.. ~:-)

Thanks also to Duane...  I'm pretty sure I know where to get the ID, so that shouldn't be a problem.  The DNS probably wouldn't be the hard part.  You'd "just" need to add some code at activation time to create the entry.  The Apache config would probably be the harder part.

Nick

The best source of information for this is the Adobe site. See this page for links to the various articles on the topic.

In general, in order to fetch XML and movies from one domain with a Flash movie that is hosted on another domain requires "permission", which is granted by the "crossdomain.xml" file.  This is the opposite of the "robots.txt" file used by search engines, which is used to *deny* permission.

If you're providing the HTTP service, you should be able add a response for a fetch for the crossdomain file.

I have been hoping to implement a model somewhat similar to the above. I've realised that the "_root._chumby_chumby_id" variable in Flash returns a GUID which is DIFFERENT to the one returned by the "guidgen.sh" script!!

- Are these values meant to be different?
- Is there a way of accessing the value of "_root._chumby_chumby_id" from a flash movie running directly (not as a widget) on the Chumby?
- Is there a way of accessing the value returned by "guidgen.sh" from within a flash movie and/or a widget?

Any help appreciated.

What unique Chumby Id can I access from within Flash to build an authentication mechanism around it on my website? I am running my application in stand-alone mode (non-widget). It seems that the"_root._chumby_chumby_id" value is only available when the application is used as a widget, and the GUID itself cannot be accessed within Flash!

Thanks for your response cbreeze.

The app that I am working on will be limited to a private set of users within our organization, and will be run as a dedicated app (not through the widget framework). To build an authentication structure for only allowing a specific subset of chumbys to access a somewhat sensitive RSS feed, I need to be able to identify each chumby uniquely.

In my attempts so far, it seems that neither '_chumby_chumby_id' nor '_chumby_user_id' are available when the app is run in stand-alone (non-widget) mode. Thus my question, how can I uniquely id a Chumby while in this mode?

The closest lead I have so far is using the 'guidgen.sh' through the 'exec' protocol as mentioned in this post here. I'm just doing some research on exec, as I haven't used it before.