I'm working on a Site that uses Flash in conjunction with a PHP and MySQL. It is possible that someone could guess the variable names used in my PHP scripts and post bogus data to my data base.
I'm using a script to escape all of the data that goes to MySQL.
I am planning on making a game with actionscript 3.0 (flash). However, I am having some security issues on saving user points. To be more specific, read below and you'll understand what's the exact problem. You are starting my flash application. PHP creates a session for your username. Playing for few minutes and reaching 750 points. You click on "Save my points" button. It connects "game.php?points=[]" with your point amount, hence, game.php?points=750. PHP connects to MySQL and does an update/insert query with the username you entered when opening application, and gets the points with $_GET['points'] as you can see on 3.
The issue is, Anyone who could directly browse "game.php?points=999999999999" would have his points saved in the database. I thought about encrypting the points, however, Flash is a client-side application and anyone could change the "points" value with an application like "Cheat Engine". Once they change the points, encrypted points will automatically be generated by Flash.
I also thought about creating a private key for each player on their signup and encrypt accordingly, but it also won't work because once an user change his points with Cheat Engine, flash will automatically encrypt the points with given private key, hence, another useless theory...
My SWF resides on domain A, is loaded by a web site on domain B and is trying to ping URL (URLLoader.load) on domain C. But I am getting "#2048: Security sandbox violation" .. why? Of course I have read the manual, I saw the security white paper but I do not understand it. Don't you know any blog or such where it is explained for dummies? With lots of examples and maybe a table showing what is allowed and what is not?
View 2 RepliesI get following error: Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: [URL] cannot load data from 192.168.3.5:4854. at TicTacToe_fla::MainTimeline/TicTacToe_fla::frame1() ". I tryed to solve this problem about 3 hours, but I failed I have the file crossdomain.xml in the same folder like my .swf file on the server with this content:
[Code]...
I have a typical Flex-based application that was written to use a Java/Hibernate/MySQL backend. The client changed the requirements - now they want to distribute it on a CD where the user can just run the app without any installation or a network connection.
To do this, I certainly need to eliminate the web server and the database server and adapt my application (with as few changes as possible, of course) to a stand-alone application that will fit on a CD/DVD. I've managed to export the data to XML and read it into Flex, but I'm wondering if there's a way to recreate the Hibernate data structures in Flex so I could change as little code as possible. Failing that, is there any way to keep the existing Java/Hibernate external to the Flex code but retrievable without installing Apache Tomcat or MySQL?
I have a Flex application which manage a database composed by 7 tables.I have created the insert form and all work great. Now I wanto to improve the Form performances; the idea is to replace the TextInput of the Form with ComboBoxes which are provided by the DataBase tables
View 1 RepliesI have downloaded MySQL JDBC driver from [URL]... How do I configure it?
View 1 RepliesI am getting a strange problem while I am making my release build swf.The swf is supposed to make some internal server calls and then display the data and also play it.When I make a release build swf and excute it, while making server calls it throws exceptions likeSecurityErrorHandler: [SecurityErrorEvent type="securityError" bubbles=falsecancelable=false eventPhase=2 text="Error #2170: Security sandbox violation:file:///Path to the swf/WebPlayer.swf cannot send HTTP headers to **Method Name to bring data from the server***]And after this nothing can be done as everything depends on the data from the server..I have updated my cross-domain.xml on the server to support the master-only policy file but that also didnt ..My cross-domain.xml is
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
[code]......
I haven't fully grasped how the flash security model works, and now I've ran into a problem. I have a base SWF that loads a game loader swf, which in turn loads the actual game.What I'm trying to do is taking a current bitmap snapshot of the running game. This works fine before the loader swf has loaded the game. When the game is loaded, I get a security violation because the game has images pulled from facebook. Is this something that can be solved on my end, or restricted by security in the game swf?
View 2 RepliesIn my table the Collation is:latin1_swedish_ci (but i tried UTF8_unicode too).In my flex application when it shows the table,it displays it correct,with all accent and pointing correct,but in the table is like :
View 1 RepliesI'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.Here are the contents of the root crossdomain.xml:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies ="all"/>[code].....
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url].......I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
i wrote a flash script that is embedded into an html page. The flash script (AS3), needs access to the users microphone and camera. I've seen on other websites when they want to use my camera/ microphone flash automatically pops up a box asking the user to permit.
In my case, even though in my global settings for my webpage it says "always ask" under permissions, flash doesnt ask me anything and just blocks the script from accessing the microphone. The script loads fine, just doesnt prompt for access and the user has to manually right click, and go to settings and put setting to "allow".
Searching for this topic on google is rather difficult as there is too much irrelevant stuff with the same keywords.
Edit: This is how i embed just in case im not doing it right.
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=10,0,0,0" width="200" height="20" id="myflash" align="middle">
<param name="allowScriptAccess" value="always" />
[code].....
I've got a Flash movie, loading data from an external URL. In fact, it's a RSS reader inside a banner.Everything works perfectly when the Flash movie and data URL are on the same domain. However, if the Flash movie is on another domain, Flash security kicks in.The manual says that I can allow a domain trough Security.AllowDomain()
system.Security.allowDomain("http://www.mydomain.abc/")
xmlData = new XML();
xmlData.ignoreWhite = true;
[code]....
I have a flash movie which loads some images dynamically, through hphp gateway files. It works fine accessing through [URL]but not through [URL] So it does not work without www.I am passing from HTML to Flash through params flashvars the path of the server, with www.
View 2 Repliestutorials (e.g. ) show how to integrate Flash and MySQL. Also Flash can manipulate and sent this back to serverTo integrate flash and MySQL one can do the following:(1) MySQL -> php -> Flash (e.g. What is the most robust way to set up (1) and (2) to work at scale - as quickly as possible? What are the server loading implications? Is there any other way to do (1) and (2) more effectively?
View 2 RepliesI'm not shure if this goes in the ActionScript forum, but no one anwsered in the Flash MX 2004 forum. And seens this is 50% ActionScript and 50% PHP i thought i would post it here aswell. Here is the thread that i started in the MX 2004 forum
View 14 RepliesI am building a photography web site with flash and I found a really cool slide show extension plug in (www.slideshowpro.com) were can easily upload and update my portfolio slide shows.when I publish out to HTML, I test it in a browser and I get this warning when I click on the photography page.I read in adoby help and it said flash developers can allow communication between sites with this AS code Security. allowInsecure Domain ("nathan44. slideshowpro.com");so I added this code to my actions layer on the firs frame in "scene 1" and to the actions layer in the photography section. But nothing changed i still get this warning when ever I publish out to an HTML, when I just preview with control + enter i can view the sideshows fine.
View 4 RepliesI have build my entire website with flash and embedded several swf objects (slideshows) into it. everything always worked fine when I published it as swf movie.but now that I want to upload my website an error message occurs saying:Error #2044: Unhandled SecurityErrorEvent:. text=Error #2140: Security sandbox violation: file:///mylayout.swf cannot load file:///slideshow_1.swf. Local-with-filesystem and local-with-networking SWF files cannot load each other.I know that it has something to do with the fact that one of the swf is local with filesystem and the other local with networking. but in my publish settings i told it to access local files only.but i dont really know what your are talking about. i am hosting my website at besides that i have not uploaded it yet. i am just testing it offline.
View 2 RepliesHow to I get my security policy working? My parent swf parses an XML doc and loads 2 children. It throws a 2148 security error, and only works in the Flash IDE. PARENT SWF 'I put it at the top of my code. That seemed like the proper event flow' flash.system.Security.loadPolicyFile("crossdomain.xml"); I've referenced my security file from my swf. I Also published my parent swf as 'network only' and put all the crossdomain.xml and everything else in the same folder. I need to click on the animations and have them place from a local computer at a kiosk. POLICY FILE 'Used"*" since there's not URL, it's all local'
[Code]...
I usually organise tournaments on my site (flash based) and this time I have added a tournament in which users have to complete a jigsaw puzzle and the one who completes it in the least time wins some prize. As the jigsaw puzzle always produces random location, it is difficult for them to hack. They can't even directly download the game as it can't be downloaded using flash saver etc. But I want to know if they can make a program which completes the jigsaw puzzle automatically.Even time can't be hacked as I use time also tick on my server side so I match the time submitted by the game and the time stored in my server.
View 4 RepliesHow can I disable crossdomain.xml check when the executing swf has been loaded on localhost?
Error #2044: Unhandled SecurityErrorEvent:. text=Error #2048: Security sandbox violation: http://localhost:2541/xxx.swf cannot load data from http://www.com/xxx.swf.
I want to assign full trust to the HTML5 web application running locally. I want to disable any crossdomain checks.
Some external servers do not provide crossdomain.xml for their hosted SWF files.
I am running locally. I want to have full trust for debugging purposes.
How do I do that?
I will not consider AIR as it cannot be used from HTML5 application.
Adding the url "http://localhost:2541/xxx.swf" to "C:UsersArvoAppDataRoamingMacromediaFlash Player#SecurityFlashPlayerTrustu.cfg" did not help.
[URL]
Over the years I've become an uber-nerd when it comes to flash game development. Now I'm thinking about looking into using my skills for helping other game-developers out there.I want to develop an API in AS3 which will allow the developer to do (as a start) the following:Display a dialogue which lets the user log into their "account" (hosted on my site).Send a score/value to the website and attribute it to the logged in user.Unlock an achievement (achievements will be set up by the developer in the web interface - which is where they will also get a key of some type to use with their API.Display highscores, other players profiles in-game, etc (show basically any stats in-game).All easy enough to develop straight off the bat. However; where it becomes frustrating is security. I'm not expecting an indestructible solution that I'm fully aware isn't possible, but what would be the most defensive way to approach this? One thought I've had was converting my API to a component so there's no access to the code (unless you decompile). The problem here is it's just not friendly to the developers, though it would allow me to create my own graphics for the UI (rather than coding many, many sprites).Private/public keys wont work unless there is very good protection against decompiling.
View 3 RepliesI'm building a flash project that will be ran with a wrapper of some sort to give flash extra controls. The issue I'm running into is streaming video from a web domain while the .swf is located locally on the users computer. I'd rather not ask my clients to go into adobe's security sandbox and allow it them selves. Is there a way to auto allow a file to communication externally for streaming? I know an Adobe Air app named Ambience that streams mp3s. Anyone know how this can be accomplished?
View 1 RepliesI am using twilo client in one of my apps and it is showing following popup when I click on call buttonBut I want to show the following pop up which is lot simpler and seems less cumbersomeIs there a way to control which pop up comes on the screen? I have read some documentation of adobe but their configuration files live in users computer which ofcourse can not be changed by a website.
View 1 RepliesSo, I'm pretty sure this is impossible, but is there any way to "re-skin" the box that pops up asking you if flash should be allowed access to your mic and webcam? I'd really love to make that box fit with the rest of the design of whatever I'm building.
Also, if I have several swfs that use the mic/webcam inside one larger shell swf, will the dialog box appear once for each of the sub-swfs, or just once for the large one, and those settings will be applied to all the sub-swfs?
I'm trying to create a dynamic menu in Flash using PHP & MySQL and bring it into Flash using AS3 DataProvider. My menu works fine with a local Array, but I seem to have an issue with the Type being a String and not an Array, but how do I set it up properly so the types are correctSo I started with a typical, non-dynamic array and it works to create my menu:
Code:
var items1:Array = [
{myClass:"SCI101", question:"What color is the sky?"},
{myClass:"MATH110", question:"What is the square root of 81?"},[code].....
how tp use databases with Flash CS4 ?I have created a form, an email page and a username/password protected pages, but I cannot find any tutorials that would help me how to connect to a database.
View 7 Repliesim trying to pull .swf files from MySQL by using PHP, ive set everything in the database up with an ID and licked it properly. Im not sure if the 'type' has to be anything special, right now its just a 'VARCHAR' and when altering the javascript part of it that that flash automatically generated-- in the i tried to echo it out by putting it in the value like
< param name="movie" value="<?php echo $row['video_path']; ?>" />
I am reading one tutorial :- But I can't understand what is "Gateway.php" and all such things. I am a beginner in Flash.
View 2 RepliesI'm trying to insert embeddable video code, such as youtube/viddler/etc.. which all start with the object tag:
<object width="480" height="385">
<param name="movie" value="[URL]">
</param><param name="allowFullScreen" value="true">
</param><param name="allowscriptaccess" value="always">
</param><embed src="[URL]" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385">
</embed></object>
into MySQL with PHP.
I'm trying to call it in php, but only get the text value back, basically, the entire embed code as text is displayed instead of the video itself. Here is my display code which shows text. How can I make it show the actual video instead?
<?php
//assuming a connection to the database exists
$sql = "SELECT * FROM table";
$result = mysql_query( $sql );
while( $row = mysql_fetch_array( $result, MYSQL_ASSOC ) ) {
$html = array(); //create an array of html formated values.
[Code] .....
The php code right above it pulls out this data, without the slashes and it displays the embed code perfectly as text, but the actual video does not form from that. Is there anyway to have the code displayed act as code and show the video instead of text?
