ActionScript 2.0 :: Security Preventing LoadVars Access?
Apr 3, 2007
Im sure this is a classic problem. I am doing a flash project for a client.
This flash movie (lieing on Server A) calls an XML file on a totally different server (Server B). HOWEVER, it never reaches this xml file (although it reads the xml correctly when the flash is run on my computer). But to get it to run on my computer, I had to go into the global security panel and add the location of the SWF.
Now I tried everything to get the XML loaded on the SWF which lies on Server A. I went into the global security panel and added the folder on Server A containing the SWF, and the folder on Server B containing the XML file. However, it's still not working.
View 4 Replies
Similar Posts:
Feb 8, 2010
I am using loadVars to load an url from a txt file and then passing that to another loadVars.When I test the movie it gives me a security sandbox error,but if I type in the url by hand it works just fine.
PHP Code:
var url:String="";
var myData:LoadVars = new LoadVars();
myData.onLoad=function(){
[code]....
This gives a security sandBox error but if I remove url and type the url in directly it works fine.
View 1 Replies
Apr 19, 2006
You use a loadVars object (or even a loadVariables object) to get some data from a URL , but the server of that URL is down (or some kind of problem is happening with it),,.. and then it's as if your flash movie is just looping forever to get it?
Ofcourse, you then get the window saying something like "A script in this movie is letting your movie stop working. Do you want to abort the script" more or less.
Is there some kind of timeout function that I can use, in case loadVars can't access that URL, then it just breaks, and continues normally????? Ofcourse, giving a bad URL , will just give an onLoad event, with a "false" parameter, indicating that the URL wasn't loaded successfully.. but I'm talking about when the URL actually exists, but say the server is startign up, or there is a problem with, say, the Apache server on there... or something.
View 2 Replies
Feb 23, 2004
You will find enclosed a ".zip" file in wich there's a ".fla" file, a ".txt" file and 6 ".jpg" images. Frame 1 of the FLA only has a "Preload" class/constructor found on another site and works well. Frame 2 launches the graphic interface construction. The file "externalVar.txt" has one variable "maxVin" with a value of 6.
I would like to know WHY i can't acces this variable from outside of the loadVars object's scope (i would better say from outside of its ".onLoad" methode scope). In fact, when i trace my variable "maxVinNum" from outside of this function, flash player return "undefined". Even if i declare "maxVinNum" on the _root (_root.maxVinNum). For information, at the start of frame 2, i have let an instruction in comment: //var maxVinNum = 6; When we activate this instruction, then the variable is directely declared and everything works well. This test allow us to verify that scripts are not bugged. Here is the script of frame 2, some of you may understand quickly what's wrong :
[Code]...
View 3 Replies
Aug 21, 2010
I am fetching some variables from a URL and get the result. While I can iterate through it via e.g.:
[Code]...
View 7 Replies
Feb 28, 2004
I'm using an onLoad function (importing variables from a text file) and I'm creating arrays within a for loop in the onLoad function.
I'm using something like this:
Code:
this["dvdAry" + i] = this[indexAry[i]].split("##");
So say the first array is called dvdAry0 .
How can I access that Array from a function? Please note the function, the onLoad function and the arrays are all being created on the same timeline.I've tried tracing the array dvdAry0 from the function after the array is created in the onLoad function, but it comes up as undefined. Is the array created on the object that I'm using onLoad on?I'm using a loadVars Object called loadDVDsText.
View 2 Replies
Mar 30, 2010
I'm trying to integrate a Flex app with Google Checkout and code that runs fine on my local machine is throwing a Security Error when I test on my site.[code]...
View 2 Replies
Aug 16, 2010
I was wondering if any of the seasoned programmers are familiar with using security dongles to activate to use a software application. Can this concept be implemented for a flash application? Can AS3 support these type of devices? I would at some point like to apply this concept to some games that I am designing. These applications will be running local or on a lan network and will not be over the internet, if that matters.
View 1 Replies
Oct 6, 2009
I have a flex application which collects data entered by the user and posts it off to a web service I have running on a back end server. The flex application does not authenticate users (it's available for anyone to use without setting up an account) and communicates to the web service using HTTPS. There is an XML firewall in place for preventing certain malformed requests, DoS attacks etc and the web service validates all data received from the client.
If I was to sign the content then I could use the XML firewall to verify the signature but I assume that any certificate type data I embed in the client could be extracted out of the flex app through some means of de-compilation. My question is, is there any way of limiting calls to the web service to only those from my flex client? I understand that a user could input bad information but I'm really trying to prevent another client or 'bot'.
View 2 Replies
Aug 28, 2006
i just want to ask if there's a way to avoid the trip to global security panel to access local .swf?
View 3 Replies
Mar 22, 2010
I use a laptop which is never connected to the web for customer demos away from base. It does not have the Flash authoring environment installed either. Furthermore, a customer's own system used to run development versions of web sites using HTML with Flash content is not guaranteed to have web access either. Because some of the associated FLV files are quite large, uploading to a web host for such testing is not really viable even where clients have web access at meetings.
I have an AS3-based project which triggers Flash 10 local security protection on systems other those that used for authoring, for which the workaround is to set the source folder as trusted using the Flash Player Settings Manager. but [URL] doesn't seem to offer a useful way to avoid this problem without going on line to the Flash Player Settings Manager via an Adobe web site.
[Code]....
View 12 Replies
May 3, 2010
I'm writing a simple little test app consisting of 'main.as' and 'test.png', both within the same subdir on my harddrive. I'm compiling via command line with mxmlc, and testing via 'open with...' and Chrome. The code uses flash.display.Loader.load( "test.png" ) - but I can't access the loaded content (or even draw it to a bitmapdata!) due to security exceptions.
My goal is to get the image into something (preferably a bitmapdata!) I can draw to other bitmapdatas, as I understand this is fastest for gaming. I've tried all sorts of things, including creating a 'crossdomain.xml' that goes in the same dir as the above files (and doing the appropriate LoaderContext thing), tried various system.Security things and still no joy.
View 1 Replies
Aug 26, 2010
does anybody know if disabling the security question in the flash player is ok? I need to know the exact facts by reference whether it is ok or not. I found some answers to this but they were assumptions but nor rigid. for instance a reference to Adobe's documentation that says any workaround is illegal.
View 1 Replies
Aug 26, 2010
does anybody know if disabling the security question in the flash player is ok? I need to know the exact facts by reference whether it is ok or not. I found some answers to this but they were assumptions but nor rigid. for instance a reference to Adobe's documentation that says any workaround is illegal.
View 1 Replies
Jan 20, 2011
is there any way, to hide the source of a flash in the sourcecode, so that the movie itsself is not downloadable, or better not to copy?
View 1 Replies
Sep 11, 2007
I guess this is more a question about PHP and MYSQL, but since Im using flash as the interface, I wanted to know if anyone knew this. Is it possible for someone to basically trigger one of my php documents that inserts variables to the Database through an swf ran outside my server? I know for example flash has a security feature built in to prevent flash from loading xml files from server to server. If anyone knows more about flash security issues and tips let me know
View 3 Replies
Jul 31, 2010
I tried to deploy my otherwise working flex app on a web server (tomcat 6).It threw a Channel.Security.Error.After some research, I became aware that flash movie loaded from flash_movie_domain will not be able to load resource from any other domain.Some suggested adding a crossdomain.xml.However, the crossdomain.xml route doesn't quite make sense.In this case, I am loading resources from a third party web site.My understanding is that I need this third party website to include a crossdomain.xml on their root directory in order for app to function.The third party web service is provided as is. I will not be able to change what's given. Since the third party is providing public access, it already explicitly give permission to the general public. Adding a crossdomain.xml to their root seems to be a redundant act?
View 1 Replies
Apr 13, 2004
One of the moderators, could you've a look at this tutorial: [URL] it doesn't works with me, maybe because I've 2004 so if you change loadVars() into LoadVars() it should work
View 2 Replies
Jun 11, 2010
I am trying to develop a sound visualizer and i have developed OO solution but the problem is I get this error:
SecurityError: Error #2121: Security sandbox violation: SoundMixer.computeSpectrum: widget5.swf cannot access . This may be worked around by calling Security.allowDomain.
at flash.media::SoundMixer$/computeSpectrum()
at widget5/onEnterFrame()
Also if I press continue I get other error
Error: Error #2030: End of file was encountered.
at flash.utils::ByteArray/readFloat()
at widget5/onEnterFrame()
View 3 Replies
Sep 1, 2003
Whenever i try to display anything returned by LoadVars.getBytesLoaded or Load....Total, it gives me NaN.
View 14 Replies
May 19, 2009
I am getting a strange problem while I am making my release build swf.The swf is supposed to make some internal server calls and then display the data and also play it.When I make a release build swf and excute it, while making server calls it throws exceptions likeSecurityErrorHandler: [SecurityErrorEvent type="securityError" bubbles=falsecancelable=false eventPhase=2 text="Error #2170: Security sandbox violation:file:///Path to the swf/WebPlayer.swf cannot send HTTP headers to **Method Name to bring data from the server***]And after this nothing can be done as everything depends on the data from the server..I have updated my cross-domain.xml on the server to support the master-only policy file but that also didnt ..My cross-domain.xml is
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
[code]......
View 5 Replies
Apr 17, 2009
I haven't fully grasped how the flash security model works, and now I've ran into a problem. I have a base SWF that loads a game loader swf, which in turn loads the actual game.What I'm trying to do is taking a current bitmap snapshot of the running game. This works fine before the loader swf has loaded the game. When the game is loaded, I get a security violation because the game has images pulled from facebook. Is this something that can be solved on my end, or restricted by security in the game swf?
View 2 Replies
Dec 20, 2009
I'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.Here are the contents of the root crossdomain.xml:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies ="all"/>[code].....
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url].......I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
View 1 Replies
Apr 29, 2009
My SWF resides on domain A, is loaded by a web site on domain B and is trying to ping URL (URLLoader.load) on domain C. But I am getting "#2048: Security sandbox violation" .. why? Of course I have read the manual, I saw the security white paper but I do not understand it. Don't you know any blog or such where it is explained for dummies? With lots of examples and maybe a table showing what is allowed and what is not?
View 2 Replies
Mar 5, 2008
I get following error: Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: [URL] cannot load data from 192.168.3.5:4854. at TicTacToe_fla::MainTimeline/TicTacToe_fla::frame1() ". I tryed to solve this problem about 3 hours, but I failed I have the file crossdomain.xml in the same folder like my .swf file on the server with this content:
[Code]...
View 7 Replies
Mar 9, 2009
I'm developing some photo viewer app for some web site in flex 3. One of the demands made by my customers is preventing of their unique visual content from copying at least by standard Windows tools ("Print Screen" button). Are there any tricky techniques capable of doing this?
The first thing occurred to me is handling "Print Screen" button of keyboard doesn't seem to be as effective as my client needs.
View 2 Replies
May 27, 2009
How can I prevent concatenating when using the addition operator? totalCost_txt.text = (firstCost_txt.text + secondCost_txt.text)I can replace the "+" with any other operator and it works. (huh?)
View 3 Replies
Jan 15, 2012
I stayed up all night building an application on cs5.5 that needs to keep running for up to an hour without the screeen dimming or the device going to sleep. After a lot of googling I could not find anything. Is there a way to emulate or trick the system and make it think that there is user interation ? Or is there an option I can change to make this work? I am testing on an ipod touch 4g
View 3 Replies
Aug 15, 2011
I'm working on the Java backend for a Flash webgame - the client and server communicate using Action Message Format (AMF). A few weeks ago, another team in our company had their product hacked by a user who decompiled the Flash client, and used an altered version to flood the backend with bogus requests. We want to prevent this kind of attack in our new game.(More details: webserver used is Tomcat, AMF client is BlazeDS.)I'd like to know what the best way to prevent this kind of attack would be. Some ideas I had:the nginx configuration seemed like the best place to handle rate limiting, but I cant find any resources on how nginx interacts with AMF. Do the AMF requests just get sent straight to Tomcat?most requests involve a userId param for the relevant user. Rate-limiting requests involving overused userIds might be one approach - however, an attacker who just wants to flood the server could easily spam random userIds.
View 1 Replies
Sep 10, 2009
What is the best way for preventing swf files from decompiling?
View 1 Replies
