ActionScript 3.0 :: General Flash Security: Validating Events Online?
Jun 16, 2010
Given the nearly plain-text nature of Flash, from a security standpoint, we must assume that your SWF can be decompiled into human readable format. That said, how can we ensure the validity of any online calls? For example, recording a high score might make a call similar to this:
Code:
var url:String = "http://someserver.com/tracker/scoreTable.aspx?mode=record&score=" + _userScore + "&checksum=" + MD5.hash( /* stuff */);
var loader:URLLoader = new URLLoader( );
loader.load( new URLRequest( url ) );
You can do all the MD5 hash checking to make sure the data received matches what was sent, but how can you verify the validity of the call? For instance, one could decompile the SWF and figure out how to build the query string manually, or they could reverse engineer it from monitoring the internet calls from the SWF itself. They could even use a run-time memory editor to change the figures that store the information while playing the game, so that when the recordHighScore call is made, it sends 1,000,000 instead of 1,000. How does one authoritatively validate data and protect against abuse?
View 3 Replies
Similar Posts:
Jun 24, 2010
I have made a game that sends and recevies data from an online leaderboard. It uses PHP and mySQL, and all works fine when running the .swf off my computer. The problem is, when the game is uploaded and running online, it fails to both receive and send the data to the leaderboard. I don't know why! When I first ran the game offline, a security box appeared that told me I had to allow it to access the server. So, I'm thinking it might be a security problem. Is there a similar security setting that I have to enable on the server somewhere? Or some code I can put to the game to override it? Note that everything is on the same server at the moment so I dont need any of that CrossDomain stuff, I think.
View 7 Replies
Oct 11, 2010
i've created a socket extension class. the pseudo code below tries to make a socket connection using the passed parameters. if there is an security error, such as the port number not being an acceptable port number, i want to handle the security error.
however, i can't catch the security error. a popup window appears with a description of the error and my errorHandler function is never called.
[Code]...
View 1 Replies
Oct 25, 2006
I'm not sure how to validate a form done in flash...
View 14 Replies
Jun 8, 2010
Is there a way to handle errors and exceptions in AS3 as one would do so using `set_error_handler` and `set_exception_handler` in PHP?
View 4 Replies
Aug 17, 2010
I use the following doctype in a page that has a flash object,
[Code]....
information on how to embed a flash object[.swf] in a page with no validation errors?
View 2 Replies
Jan 9, 2004
I have a simple flash form, which has some required fields, ie. name, addy, etc. What I want to do, is validate that the fields have been filled before they can hit the "next" button.
View 6 Replies
Apr 29, 2009
My SWF resides on domain A, is loaded by a web site on domain B and is trying to ping URL (URLLoader.load) on domain C. But I am getting "#2048: Security sandbox violation" .. why? Of course I have read the manual, I saw the security white paper but I do not understand it. Don't you know any blog or such where it is explained for dummies? With lots of examples and maybe a table showing what is allowed and what is not?
View 2 Replies
Mar 5, 2008
I get following error: Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: [URL] cannot load data from 192.168.3.5:4854. at TicTacToe_fla::MainTimeline/TicTacToe_fla::frame1() ". I tryed to solve this problem about 3 hours, but I failed I have the file crossdomain.xml in the same folder like my .swf file on the server with this content:
[Code]...
View 7 Replies
Mar 27, 2012
iam making a game and i almost finish except one error i couln.t get it
TypeError: Error #1034: Type Coercion failed: cannot convert flash.events::Event@3738fb79 to flash.events.MouseEvent.
TypeError: Error #1034: Type Coercion failed: cannot convert flash.events::Event@3738fb79 to flash.events.MouseEvent.
[code]....
View 4 Replies
Dec 18, 2011
When I placed this AddEventListener I got this "Type Coercion failed message"
addEventListener(Event.ENTER_FRAME,onEnterFrm);
Located above the mouse event:
addEventListener(Event.ENTER_FRAME,onEnterFrm);
[code]....
View 2 Replies
May 19, 2009
I am getting a strange problem while I am making my release build swf.The swf is supposed to make some internal server calls and then display the data and also play it.When I make a release build swf and excute it, while making server calls it throws exceptions likeSecurityErrorHandler: [SecurityErrorEvent type="securityError" bubbles=falsecancelable=false eventPhase=2 text="Error #2170: Security sandbox violation:file:///Path to the swf/WebPlayer.swf cannot send HTTP headers to **Method Name to bring data from the server***]And after this nothing can be done as everything depends on the data from the server..I have updated my cross-domain.xml on the server to support the master-only policy file but that also didnt ..My cross-domain.xml is
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
[code]......
View 5 Replies
Apr 17, 2009
I haven't fully grasped how the flash security model works, and now I've ran into a problem. I have a base SWF that loads a game loader swf, which in turn loads the actual game.What I'm trying to do is taking a current bitmap snapshot of the running game. This works fine before the loader swf has loaded the game. When the game is loaded, I get a security violation because the game has images pulled from facebook. Is this something that can be solved on my end, or restricted by security in the game swf?
View 2 Replies
Sep 29, 2009
I have a flash doc with two MC's and two frames.In frame 1, the user can select one of the MC's, and in frame 2, he can move ONLY that MC.Is there a way to write a general code in frame 2 and not having to write an "IF" depending an extra variable I had to create?Because in the future I will have lots of MC's.Here is the little code I have and the link with the .fla
Frame 1
Quote:
stop();
extra_var = 0;[code].............
View 0 Replies
Nov 20, 2011
I'm sorry if this is the wrong place to post this, but I looked for a place to send general "feedback" and could not find one.I just wanted to let the management at Adobe know a couple things related to recent Public Relations blunders. Ever since the announcment that you were ending Flash Player for Mobile, I have had many conversations with people about this topic and there is SO much misinformation due to your announcement, it's going to tank Flash as a broader platform.
- Some think Flash doesn't work on Macs
- Some think the Flash player is cancelled on ALL platforms (PC included)
- Some think Flash in its entirety is coming to an end.
This perception seems to come from people of various levels of technical knowledge, from basic users where it's understandable they might be confused about the specifics of the recent news (but still not a good thing!) on up to key decision makers who don't know tech but are key to making certain spending decisions with regard to tech platforms (CEOs). This is a horrible place for Flash to be in right now and you need to quickly change the perception with a "Flash is alive and well" type of announcement.Remember, most people only retain sound bites and a few words from headlines. You may have announced "Adobe ends Flash Player for Mobile" originally, but what people retained was "Adobe ends Flash Player". You need to make a new announcement that the short attention span people will come away from with knowledge that all is well. "Flash not dead" for example.Man, whoever plans your PR needs to be fired. You could have killed off the Mobile player back before the MAX conference and then followed up with the news about Flash Player 11 and Stage 3D. That would have a perfect one-two punch, but instead you reversed it and all the excitement from FP11 @ MAX was blown away.
View 3 Replies
Nov 10, 2011
I'm completely new to Java. My task is to set up the client/server architecture for an upcoming Facebook game. On the server-side, I have:
[Code]...
View 1 Replies
Jun 4, 2010
Here I aligned Left Center...
How to generalise?
I have created three movieclips." image","crop","fixedPoint"
I am rotating the image 0,90,180,270,360..
image always align with fixed point.
ActionScript Code:
import flash.geom.Rectangle;
function alignObject()
{
[Code]....
View 4 Replies
Oct 3, 2010
I was just wondering, what is better in general? Having a TextArea component or just use a TextField with a scrollbar component over it? What consumes less memory? What is the implications of using a TextArea? Why use a TextArea over a TextField? I'm currently trying to deal with memory leaks and maintenance over time in my flash application, so every byte I save means a lot
View 1 Replies
Apr 21, 2009
flash action script - it check for blank fields and give the error message accordingly....but its not able to check the format of email id.[code]
View 12 Replies
Mar 14, 2004
i have a little questionis there a way of making flash test if a jpeg is present when trying to load it externaly?
View 3 Replies
Sep 17, 2009
i have a few problems that i have stumbled apon and i'm using Learning Actionsript 3.0 book to help me, but i am using FlashDevelop as my chosen editor for learning rather than Flash IDE editor, is it OK for me to upload my FlashDevelop projects for people to see and help? because like i said i'm using it for my AS 3.0 learning.Do many of you use FlashDevelop for your AS 3.0 code?
View 2 Replies
Feb 4, 2012
I was wondering what's the best way to manage an images depth. Currently I have 2 layers. On the top layer I have a png image of a window. The inside of the window frame is transparent so you can see though it. On the bottom layer I have a png image of a background that you cannot see though. I used addChild(MyMovieClip); to put an image onto the stage. It is in front of the window. I used addChildAt(MyMovieClip, 0); and the image ended up behind the background. I used addChildAt(MyMovieClip, 1); and the image ended up in front of the window again.
[Code]..
View 1 Replies
May 9, 2011
If I have a flex component that is a general popup, it's basically just a white popup that I pass an Array named "modules" to.[code]...
View 2 Replies
Jun 2, 2011
I have generated actionscript (AS3) beans from the Serverside(java).
Now some of the classes had (Long,long,double) which I had to convert into Number on the Actionscript side (as we dont have long ,double etc ) on AS3 side.
Now I have to validate Number on AS3 side to match type on Serverside .
Let take example I have a field
private long number ;
in java which is converted as
private number:Number ; on AS side
this will accept number as (Double Long etc) but we know that we cannot fit Double into long on java
so I am wondering is there anyway we can validate AS3 Number to be valid "Long" on Acrionscript side ?
View 1 Replies
Aug 26, 2011
I'm getting my head around XML E4X in Actionscript 3 and been looking at Senocular's article about filters [URL] for a better way of validating the code below?
Essentially I want to check the profile nodes exist and if theres a profile node with a matching locale attribute (passed via FlashVars), and if not it grab the text of the first node. Anyway heres the code snippet and my XML is below:
function addInfoBubble(countryName:String, countryDataXML:XML):void {
// (theres other non related code here)
if(countryDataXML.achievers.achiever[0].profile as XMLList && countryDataXML.achievers.achiever[0].profile.length() > 0){
[Code].....
View 1 Replies
Mar 13, 2011
I have created a button when clicked it validates A listbox checking for a value if the selected index =0. I want it to run another .swf
Here is ActionScript Code:
submit_btn.addEventListener(MouseEvent.CLICK, play);
function validate(event:MouseEvent):void{
if (question1_combo.selectedIndex ==0)
(RUN SWF here)
else
trace ("not worked");
}
View 0 Replies
Apr 25, 2011
I had a file flash version 4 that was working with this AS3 code, I open the file with version Flash 5 and now it is not working properly...Like in the name field if I press lowercase "r" ir shows "R"... and in the email address I can't type the @ character...this is the code...
stop();
var variables : URLVariables = new URLVariables();
var varSend : URLRequest = new URLRequest ("contact.php");
[code]....
View 2 Replies
Aug 25, 2011
Im a scrub when it comes to flash (but i gotta start somewhere) and started making a form.I made a validation on the orders email and the orders details.The purpose of the form is to get some information about trips.there are 10 rows with 4 fields.the 4 fields is a date, from, to and time textfield.
i wanna group up and validate these fields so that if you write something in "from" you have to write something in "date", "to" and "time".
View 0 Replies
Dec 28, 2009
I want to be able to validate a string so that it doesn't contain any numbers or special characters like '@!�%^' for instance, how would i go about doing this?
View 3 Replies
Apr 22, 2011
I'm still learning AS3 and am trying to set up validating user (text box) input of 2 items (name and password) by checking with an SQL Server Database on my website.I have the ASP page set up using a standard request/response.write script. It works I've tested the ASP, and it works. The ASP receives the 2 variables, hopefully each in a name-value pair, and checks with the DB, then if the name and password received from the Flash SWF match a name and password in the DB, sends back a "YES" and, if not, sends back a "NO".I'm having difficulty getting the AS3 written and working correctly. Here's what I have so far that displays errors, causes a flickering when previewed and doesn't yet work.
stop()nextBtn.addEventListener(MouseEvent.CLICK, nextBtnClick, false, 0, true);function nextBtnClick(e:MouseEvent):void {var input1:String = T1.text;var input2:String = T2.text;var variables:URLVariables = new
[code].....
View 13 Replies
