<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: flash socket policies update</title>
	<atom:link href="http://ammonlauritzen.com/blog/2008/04/21/flash-socket-policies-update/feed/" rel="self" type="application/rss+xml" />
	<link>http://ammonlauritzen.com/blog/2008/04/21/flash-socket-policies-update/</link>
	<description>and still for good reason.</description>
	<lastBuildDate>Tue, 06 Dec 2011 09:45:14 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.1.2</generator>
	<item>
		<title>By: Henk Spaaij</title>
		<link>http://ammonlauritzen.com/blog/2008/04/21/flash-socket-policies-update/comment-page-1/#comment-65024</link>
		<dc:creator>Henk Spaaij</dc:creator>
		<pubDate>Sat, 10 May 2008 02:27:15 +0000</pubDate>
		<guid isPermaLink="false">http://ammonlauritzen.com/blog/?p=361#comment-65024</guid>
		<description>I&#039;d like to give some feedback on the socket policy file article 
http://www.lightsphere.com/dev/articles/flash_socket_policy.html

First, it&#039;s a great article. It sums up about a dozen pages of Adobe 
documentation that mostly results in confusing people.

Second, I&#039;d like to &#039;comment&#039; about Adobe&#039;s decision to only serve socket 
policy files through port 843. 

Forcing the use of port 843 requires the ISP to open up port 843 and run a 
new server. Every developer that develops an application using raw sockets 
now has to provide a hardened server for port 843 or somehow convince the 
ISP to install this server and run it. Good luck with that. My ISP will 
happily let me upload flash code to my site, but they will laugh at me if 
I ask them to run a server and oh open the firewall too.

Why not allow a socket policy file to be served through a hardened server 
like Apache? Actually they do allow it, the file is read and the policy 
log reports a nice OK on it. The policy is not applied though, unless it 
is read through socket 843.

Let&#039;s look at a simple use case. Let&#039;s develop a nice IMAP frontend and 
install it on the host that also runs the IMAP server. Well, that will no 
longer work. The Flash Application is not allowed to connect to port 
993 (IMAPS) on the same server, even with a policy file served through 
HTTPS. Funny enough, if you run the same flash code on your local PC and 
let it connect to a remote socket then things work just fine.

Adobe should be commended for their efforts in providing a secure solution. 
In this case it wasn&#039;t very well thought out. The irony of it all is that 
in their attempt to improve security, Adobe frustrates their customers and 
forces them to make their servers less secure.

Bottom line is that it is good to provide security measures, but not good 
not to allow us, developers, to manage them in the way we see fit. 

Cheers,
Henk</description>
		<content:encoded><![CDATA[<p>I&#8217;d like to give some feedback on the socket policy file article<br />
<a href="http://www.lightsphere.com/dev/articles/flash_socket_policy.html" rel="nofollow">http://www.lightsphere.com/dev/articles/flash_socket_policy.html</a></p>
<p>First, it&#8217;s a great article. It sums up about a dozen pages of Adobe<br />
documentation that mostly results in confusing people.</p>
<p>Second, I&#8217;d like to &#8216;comment&#8217; about Adobe&#8217;s decision to only serve socket<br />
policy files through port 843. </p>
<p>Forcing the use of port 843 requires the ISP to open up port 843 and run a<br />
new server. Every developer that develops an application using raw sockets<br />
now has to provide a hardened server for port 843 or somehow convince the<br />
ISP to install this server and run it. Good luck with that. My ISP will<br />
happily let me upload flash code to my site, but they will laugh at me if<br />
I ask them to run a server and oh open the firewall too.</p>
<p>Why not allow a socket policy file to be served through a hardened server<br />
like Apache? Actually they do allow it, the file is read and the policy<br />
log reports a nice OK on it. The policy is not applied though, unless it<br />
is read through socket 843.</p>
<p>Let&#8217;s look at a simple use case. Let&#8217;s develop a nice IMAP frontend and<br />
install it on the host that also runs the IMAP server. Well, that will no<br />
longer work. The Flash Application is not allowed to connect to port<br />
993 (IMAPS) on the same server, even with a policy file served through<br />
HTTPS. Funny enough, if you run the same flash code on your local PC and<br />
let it connect to a remote socket then things work just fine.</p>
<p>Adobe should be commended for their efforts in providing a secure solution.<br />
In this case it wasn&#8217;t very well thought out. The irony of it all is that<br />
in their attempt to improve security, Adobe frustrates their customers and<br />
forces them to make their servers less secure.</p>
<p>Bottom line is that it is good to provide security measures, but not good<br />
not to allow us, developers, to manage them in the way we see fit. </p>
<p>Cheers,<br />
Henk</p>
]]></content:encoded>
	</item>
</channel>
</rss>

