I was informed that an old web site a vendor developed for us was no longer
working. After some digging I discovered the problem is related to the security
update that was made in Flash Player 9.0.124. There are security violations (
the standard one saying there is no policy file to allow the interaction) being
thrown when a user tries to connect to a Soap WebService via HTTPS or HTTP
depending on the situation.

I was able to get past several of the violations by allowing all headers to be
passed, but when the user tries to create an account even that didn't work. I'm
very confused by the fact that certain interactions with the https WebService
succeed and others fail. I've tried everything I can think of at this point.

Even the following doesn't work:

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
<allow-access-from domain="*" to-ports="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

Can the problem be that the http server and the https server are one and the
same.

To further complicate matters republishing the FLAs isn't really an option, so
I can't load a policy file.

Anyone have any ideas?