ActionScript 2.0 :: Flash Security - Running Php Scripts From A Different Server To Access A DB
Sep 11, 2007
I guess this is more a question about PHP and MYSQL, but since Im using flash as the interface, I wanted to know if anyone knew this. Is it possible for someone to basically trigger one of my php documents that inserts variables to the Database through an swf ran outside my server? I know for example flash has a security feature built in to prevent flash from loading xml files from server to server. If anyone knows more about flash security issues and tips let me know
We are using flex for same. (Although I know flex is meant for web application and air application is best suited for desktop clients, but due to some build issues we can't go for air applications). Now according to our use case we required to read file from local file system which is not allowed in flex application due to sandbox policy. To override it we had planned to use it in local mode (i.e. running from local file system instead of deploying in web container). So after running application in local mode it bypasses sandbox policy and allows to read local file. Eventually we requires remote services call (either using web services or blaze ds) also in our application. To avoid sandbox restriction for network access in local mode we are planning to explicitly grant network access permission to our flex application.
I want to distribute an SWF file to be run on computers, not the internet.However, I want to be able to access the internet through a link controlled by a button.This used to work, now I get a security warning telling me I need to change the settings on my computer.For obvious reasons I don't want to make every person who runs the swf file to have to do that!Under Windows I can create an EXE file that does not create the security warning, but on the Mac that won't help.
I use a laptop which is never connected to the web for customer demos away from base. It does not have the Flash authoring environment installed either. Furthermore, a customer's own system used to run development versions of web sites using HTML with Flash content is not guaranteed to have web access either. Because some of the associated FLV files are quite large, uploading to a web host for such testing is not really viable even where clients have web access at meetings.
I have an AS3-based project which triggers Flash 10 local security protection on systems other those that used for authoring, for which the workaround is to set the source folder as trusted using the Flash Player Settings Manager. but [URL] doesn't seem to offer a useful way to avoid this problem without going on line to the Flash Player Settings Manager via an Adobe web site.
does anybody know if disabling the security question in the flash player is ok? I need to know the exact facts by reference whether it is ok or not. I found some answers to this but they were assumptions but nor rigid. for instance a reference to Adobe's documentation that says any workaround is illegal.
does anybody know if disabling the security question in the flash player is ok? I need to know the exact facts by reference whether it is ok or not. I found some answers to this but they were assumptions but nor rigid. for instance a reference to Adobe's documentation that says any workaround is illegal.
My client wants to create an online Flash game. Once they have completed the game, they are awarded a score, which is passed and logged on a server. This score determines whether they win a prize at the end of a set period, depending on the scores of other players.
I need to consider a situation whereby a user wants to cheat by intercepting and modifying the data that is sent to the server. Although I have considered, and would obviously use HTTPS, this wouldn't prevent the actual player from doing this.
It seems to me, that I can't have any kind of secret that the server has knowledge about within the Flash, as this will accessible to the player.
Even though a lot of people on this site seem to be suggesting it in other posts, I am not sure that using an obfuscator is an option due to the value of the prizes at stake. We have used this technique before for lower value prices.
I work on a lot of digital media projects; which often require dynamic graphics. I find flash to be a great tool for this purpose. It's very easily to dynamically change text inside a swf, compensate for text overflow and apply lots of nice filters and effects. Not to mention font embedding. This technique works great for web pages, however quite often we want to use flash generated artwork in a html email. How can we do this? Well, we can use as3corelib to generate a jpg from a swf, and then use the generated image in an email.This is fine, so long as we can pre-generate all of the images, before sending out the emails. But say we need to generate the dynamic jpeg on the fly from a webpage? If the user on the webpage has flash installed we could configure a swf to generate the image for us.But what if the user has flash disabled? Maybe they are using an ios device or simply don't like flash. What I would like to do is set up a server side fallback that could run a swf, replace text in the swf based on supplied variables, generate a jpg using as3corelib and save the jpeg somewhere. The trick here is running flash player on the server. It would also need to run in a multithreaded way in case the server needed to process multiple requests.
I tried to deploy my otherwise working flex app on a web server (tomcat 6).It threw a Channel.Security.Error.After some research, I became aware that flash movie loaded from flash_movie_domain will not be able to load resource from any other domain.Some suggested adding a crossdomain.xml.However, the crossdomain.xml route doesn't quite make sense.In this case, I am loading resources from a third party web site.My understanding is that I need this third party website to include a crossdomain.xml on their root directory in order for app to function.The third party web service is provided as is. I will not be able to change what's given. Since the third party is providing public access, it already explicitly give permission to the general public. Adding a crossdomain.xml to their root seems to be a redundant act?
I have a bunch of flash videos that I need to watermark with user related information, to make illegal re-distribution of these files harder.I'm wondering how can this be done server-side. If done client-side, it will be quite easy for the user to intercept the videos before they are watermarked.Since the watermark should contain user-specific information I can't really watermark the videos before encoding them (unless I have an encoded video per user - not feasible).I'm expecting this to affect the streaming performances a lot, though
In Flash, I have the ability to save certain info onto the server. Now the problem is the user needs to be authenticated as admin in order to do so. I can't use sessions, since if you work longer than 20 minutes in the Flash application, the session is gone. The way I see it, I have 2 possibilities:
1. passing a parameter (bIsAdmin) to Flash from the Website.
2. Launch a http-get request, to get this value (bIsAdmin) from an ashx handler on application startup, when the session has not yet exired.
In my opinion, both possibilities are not really secure... So, which one is safer, 1 or 2? Or does anybody have a better idea ? In my opinion, 1 is safer, because with 2, you can just switch a packet tamperer in between, and bang, you're admin, with permission to save (or overwrite, =delete) anything.
We're interested in putting one of our flash applications on the server back-end so that it can run as a module on the server machine (not on the client!). I know flash wasnt designed for this at all, so my question is:
1) Can I run Flash from the command prompt and pass parameters to it?
2) Can I detect when the Flash has finished running, or a way to communicate with the command prompt from Flash (to inform it once the operations has finished).
3) Can I close the flash application from the command prompt?
I have a Flash Ad which makes use of a JSON feed. The Flash file is hosted within oubleClick Studio.The call works perfectly locally but when I upload it to DC Studio the load Event.COMPLETE does not file neither do any IOErrors which is leaving me with no feed and no errors!I have tried making use of the StudioLoader which is supplied by DC which returns that the file is an unrecognised format. Would it be that DC just wont read JSON at all?
i'm trying to connect my flash application to my nodejs server running socket.io. To connect via web-browser is no problem. Now the problem, when the socket-server isn't running i get an IOError in Flash what seams alright. Now when i start the server and try to connect again, i don't get an error, but the socket-server doesn't receive a connection either?!
I have installed the FMS 3.5 Server on a separate IP from our main Apache Server: The server is running Redhat Linux 2.6.18-128.1.10.el5
FMS 3.5 running on ***.***.**.138 using ports 1935, 8080 (Admin Server using port 1111) Apache 2 running on ***.***.**.139 using port 80, 443. (several sites setup on this IP)
However, when accessing the fms_adminConsole.htm in the root directory of one of the domains on ***.***.**.139, all login attempts fail. I am connecting to localhost and using the assigned user and password set up in fms.ini. Using either IP fails as well. The FMS server is set up to listen to all hosts as no specific IPs were set.
/var/log/messages show that FMS and the Admin Server are up an running and listening: Jul 7 12:15:37 228215-web1 Service[28196]: Server starting... Jul 7 12:15:37 228215-web1 Service[28196]: Server started (/opt/adobe/fms/conf/Server.xml).
[Code]....
All other settings for FMS are default. This is my first time setting up FMS as a fresh install on a new unknown server and I am at a loss as to what settings to check or which files I may need to modify to get it to connect properly. It is a managed server is hosted by rackspace.com if that makes any difference.
Right now I do not have "server". Example: I do not have anything like windows sever 2000, 2003 etc. but I have and running IIS server on the same Windows XP Pro. On this very same machine I installed FMS server with the Apache that came with the FMS. I have read and followed the instructions time and time again in deferent ways to deploy my video on the server but no idea I used is working so my clients could view my videos. Looking forward to have site like "hulu" / "You Tube".
Is it possible to have multiple FMS installation running on 1 linux server?This mean that each fmsadmin, fmsmaster, fmsedge, fmscore will run under a specific user. (not vhosts of a single FMS install)How will this impact the performance of the other FMS instances in case there are more of them running on the same server?
I have found little to no flash to C++ documentation, let alone Flash to C++ over the internet. What I want to do: -Have flash send a string (or number) from a website to a server running a C++ program -The C++ program will receive the data and do something with it -After that, the C++ program would send back a response -Flash would then accept the response My goal is to make a simple MMO, but I can't start it without a server program to handle the players. I don't need a super-complicated example, just something simple, kinda secure and coded in AS3 and C++.
If I set EncryptionScope to "server" in httpd.conf (<fms>/Apache2.2/conf/httpd.conf) how or where do I specify the certificates for flash access if I want to use "ProtectionScheme FlashAccessV2".
I'm trying to integrate a Flex app with Google Checkout and code that runs fine on my local machine is throwing a Security Error when I test on my site.[code]...
I was wondering if any of the seasoned programmers are familiar with using security dongles to activate to use a software application. Can this concept be implemented for a flash application? Can AS3 support these type of devices? I would at some point like to apply this concept to some games that I am designing. These applications will be running local or on a lan network and will not be over the internet, if that matters.
Im sure this is a classic problem. I am doing a flash project for a client.
This flash movie (lieing on Server A) calls an XML file on a totally different server (Server B). HOWEVER, it never reaches this xml file (although it reads the xml correctly when the flash is run on my computer). But to get it to run on my computer, I had to go into the global security panel and add the location of the SWF.
Now I tried everything to get the XML loaded on the SWF which lies on Server A. I went into the global security panel and added the folder on Server A containing the SWF, and the folder on Server B containing the XML file. However, it's still not working.
I have a flex application which collects data entered by the user and posts it off to a web service I have running on a back end server. The flex application does not authenticate users (it's available for anyone to use without setting up an account) and communicates to the web service using HTTPS. There is an XML firewall in place for preventing certain malformed requests, DoS attacks etc and the web service validates all data received from the client.
If I was to sign the content then I could use the XML firewall to verify the signature but I assume that any certificate type data I embed in the client could be extracted out of the flex app through some means of de-compilation. My question is, is there any way of limiting calls to the web service to only those from my flex client? I understand that a user could input bad information but I'm really trying to prevent another client or 'bot'.
I am running my swf file through a browser on the local machine (i.e. C Drive). I want to have a link to download the Adobe Reader however when I click on the link that is setup with navigateToURL(), I get a Flash Player Security Error stating that it is unsafe to acess the Internet and to update the player options allowing it to happen. I have went to the player options and put the URL's in there that I am trying to get to with no success.
