What’s the most efficient way to deploy and maintain smsx.cab (the binaries) and sxlic.mlf (the license file)?

We recommend the ‘maintenance-lite’ approach:

Locate a *single* copy of each file on some server (doesn’t have to be under a licensed root) that all your users and visitors are allowed to ‘see’.

Then ‘point’ at them using fully-qualified http strings from the Security Manager object’s ‘codebase’ attribute (smsx.cab) and ‘Path’ param (sxlic.mlf).

That way you can also copy those full http strings into a browser’s address bar to ensure that those files really are where you’re saying they are!