Espero que isso responda às duas perguntas:
Embora a porta 843 seja a fonte autorizada de informações para o servidor de políticas de soquete, o player fará uma solicitação para o arquivo de diretivas de soquete na porta de conexão. No entanto, este é um fallback, e ele sempre tentará fazer a conexão na porta 843 primeiro:
Socket policy request process
Flash Player checks for a socket policy file in three places for each IP connection. The checks occur in the following order:
Flash Player first checks port 843 to determine if there is a socket master policy file. If there is no socket master policy file or the socket master policy file has a
site-control
tag specifying"all"
, then Flash Player proceeds to the next step. If thesite-control
tag has a value of"none"
, then the process stops and the socket is denied a connection.If an
ActionScript Security.loadPolicyFile()
command exists within the SWF file, then the Flash Player runtime checks that location. Flash Player checks the destination of theloadPolicyFile()
only after it has checked the master policy file on port 843 for permission to acknowledge other policy files. If the developer has not specified aloadPolicyFile()
command, then Flash Player checks the destination port of the connection.The destination port of the connection is the last check made by Flash Player. This check is only performed if the socket master policy file permits Flash Player to check additional locations. If Flash Player still cannot locate a policy file granting permission, then the socket connection is denied.
O objetivo do arquivo de políticas de soquete é para um administrador colocar na lista de permissões / colocar na lista negra os hosts que podem ser conectados pelo Flash Player por meio de uma conexão TCP.
Referência: Configurando um servidor de arquivos de política de soquete