i was wondering if anyone have experience with this, I'm planning to do a security token app for the iphone to access a server, but i have no idea where to start, the security token im talking about is like the blizzard authenticator or bank tokens, they produce a code that last for 1 minute and allow a login, but my question is how does the system work?
View 0 RepliesI wan't to do an authentification system with fms using the token concept.I don't know how???
View 9 RepliesI am creating a website which will contain both ASP.NET pages and a Flash applet.I want to encapsulate my business logic in a WCF service which will be exposed through two endpoints: One accesssible over the Internet through HTTP(S), for use by the Flash client, and one accessible within the data center for use by the application servers.If this does not seem like a good approach, then stop me here; otherwise, I'll move on...
The question is how to authenticate requests coming from the Flash client. Since I don't want to store the user's password in a browser cookie, don't want to send the password with every request, and don't want to have to use HTTPS after the initial login, I plan on using a token-based authentication system. I also don't want the user to have to log into the Flash client after already logging into the site itself, so I plan on using Javascript to pass the token to the Flash client when it starts.
I know WCF supports using the .NET Framework's built-in security framework (System.Security) to enforce access control, and I would like to take advantage of this.The question, then, is: How do I pass the token to the WCF service when it is called by Flash, and how do I process the token on the server? WCF has an "issued token" authentication mode, but it appears this is intended to be used in a full-blown federation scenario with a Secure Token Service and SAML tokens--a bit more complexity that I really want. It is possible to use this mode with my own "simple random-string" tokens? If so, how? Keep in mind this needs to be compatible with Flash.I could potentially pass the token in a header (either a SOAP header or an HTTP header). In this case, once I've determined which user is making the request, how do I inform the framework so that the System.Security checks will work?Is there a different approach altogether that I should consider?Anything that avoids sending passwords in every request, lets me use System.Security, and works with Flash is a possibility.
I'm using the actionscript api for a flash application on the web. I would like to perform actions which require an access token, but I'm unsure of the security implications of using this in flash (which can be decompiled). Is the access token something I need to keep secret?
N.B. Specifically I'm trying to post game achievements which require the app's access token to be passed. But I'm not sure how I can do this securely from flash (or whether this is not an issue).
rtmp connect takes a token. My connect looks like below.
connect(server,"123456789");
Using fmscheck I am not able to pass token in the query string so that in my connect I can access the token.How would I use fmscheck to pass a token so that my connect so that onConnect will have a token.
application.onConnect = function(new_client,token) // token -> 123456789
{
}
I looked all over facebook api docs for FLEX and i couldnt find a way to obtain a new access token, can anyone please guide me how to that?By the way , the only time I get error "access token" is when I try to get information from the api and using the parameter "since".when I use this call, im getting a token error massage [code]and when im using it without since FacebookDesktop.api("me/likes",handleFeed);
View 1 RepliesI have a page with multiple YouTube embedded players that I need to listen for events on. I am trying to use the solution posted as the answer to Using Youtube's javascript API with jQuery, but I am getting a strange error: (in Chrome 18.0.1025.137 beta-m)Uncaught SyntaxError: Unexpected token %That is the extent of the error, including stacktrace. My code is like this:
var onYouTubePlayerReady = function (id) {
var evt = '(function(){})';
alert(eval(evt)); //just to verify that the snippet is syntactically correct
[code]....
I have been making huge strides in learning Flex and I am very much enjoying it, however,one thing I cannot find is how to bind results from a query in Flex. I have managed to create lists etc no problem but when I try to bind one specific value to a variable, it does not work.First off, here is my PHP function:
public function getRepnameByUsername($itemID) {
$stmt = mysqli_prepare($this->connection, "SELECT * FROM $this->tablename where Username=?");
[code]......
We've got a project in our ActionScript class which is a TOKEN RING or on how the token ring works. Now, our teacher just gave us 2 weeks to finish this project and he doesn't even started teaching the basics of actionscript that's why we really don't know how to start this project. Keep up the good work. What I really need now is the code in actionscript.
View 3 RepliesI am getting a strange problem while I am making my release build swf.The swf is supposed to make some internal server calls and then display the data and also play it.When I make a release build swf and excute it, while making server calls it throws exceptions likeSecurityErrorHandler: [SecurityErrorEvent type="securityError" bubbles=falsecancelable=false eventPhase=2 text="Error #2170: Security sandbox violation:file:///Path to the swf/WebPlayer.swf cannot send HTTP headers to **Method Name to bring data from the server***]And after this nothing can be done as everything depends on the data from the server..I have updated my cross-domain.xml on the server to support the master-only policy file but that also didnt ..My cross-domain.xml is
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
[code]......
I haven't fully grasped how the flash security model works, and now I've ran into a problem. I have a base SWF that loads a game loader swf, which in turn loads the actual game.What I'm trying to do is taking a current bitmap snapshot of the running game. This works fine before the loader swf has loaded the game. When the game is loaded, I get a security violation because the game has images pulled from facebook. Is this something that can be solved on my end, or restricted by security in the game swf?
View 2 RepliesI'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.Here are the contents of the root crossdomain.xml:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies ="all"/>[code].....
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url].......I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
My SWF resides on domain A, is loaded by a web site on domain B and is trying to ping URL (URLLoader.load) on domain C. But I am getting "#2048: Security sandbox violation" .. why? Of course I have read the manual, I saw the security white paper but I do not understand it. Don't you know any blog or such where it is explained for dummies? With lots of examples and maybe a table showing what is allowed and what is not?
View 2 RepliesI get following error: Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: [URL] cannot load data from 192.168.3.5:4854. at TicTacToe_fla::MainTimeline/TicTacToe_fla::frame1() ". I tryed to solve this problem about 3 hours, but I failed I have the file crossdomain.xml in the same folder like my .swf file on the server with this content:
[Code]...
For a project, I'm making an interactive side scroller.You move the character with the arrow keys and press the space bar to interact with things.So far, I followed DexNote's tutorial on YouTube.I thought that I would make the interactable objects as buttons, while the mouse focus would be on the character and when you press the space bar it make a mouse click in that area.The trouble I'm having now is that I don't know how to make the space bar trigger the "interactions."
View 1 RepliesI want to generate large text files, basically 4 columns, several thousand rows, of numbers. Making an array with all this info in it occurs farily quickly, it's getting it to a displayable format that takes a really long time. Right now I use something like this:
[Code]...
I'm a designer considering creating a video project with Flash. I've read some of the security threads on the board, but they are way over my head. I will have a simple Flash file with text and a dozen imported FLV video files.If I use the "protect from import" option, will that keep the videos from being stolen from within the swf? Or, is that just a mediocre hurdle that can be easily overcome by someone wanting to dig into my file?
View 4 RepliesI read about security issues in using GetURL.Is this only with javascript? If I use the getURL to open a blank window where all the HTML and swf are on the same server are those pages and swfs safe from injection, etc? I'm working in Flash 8 with AS 2.0.
View 3 Repliesi wrote a flash script that is embedded into an html page. The flash script (AS3), needs access to the users microphone and camera. I've seen on other websites when they want to use my camera/ microphone flash automatically pops up a box asking the user to permit.
In my case, even though in my global settings for my webpage it says "always ask" under permissions, flash doesnt ask me anything and just blocks the script from accessing the microphone. The script loads fine, just doesnt prompt for access and the user has to manually right click, and go to settings and put setting to "allow".
Searching for this topic on google is rather difficult as there is too much irrelevant stuff with the same keywords.
Edit: This is how i embed just in case im not doing it right.
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=10,0,0,0" width="200" height="20" id="myflash" align="middle">
<param name="allowScriptAccess" value="always" />
[code].....
I've got a Flash movie, loading data from an external URL. In fact, it's a RSS reader inside a banner.Everything works perfectly when the Flash movie and data URL are on the same domain. However, if the Flash movie is on another domain, Flash security kicks in.The manual says that I can allow a domain trough Security.AllowDomain()
system.Security.allowDomain("http://www.mydomain.abc/")
xmlData = new XML();
xmlData.ignoreWhite = true;
[code]....
I have a flash movie which loads some images dynamically, through hphp gateway files. It works fine accessing through [URL]but not through [URL] So it does not work without www.I am passing from HTML to Flash through params flashvars the path of the server, with www.
View 2 RepliesI'm using a Amf channel , How to add security to My channel..
View 2 RepliesI am trying to create a security feature for my SWF's.I have a .txt file named security.txt.It has a variable called permissionGranted and is set to false
Code:
permissionGranted=false
Here is my AS:
Code:
Stage.showMenu = false;
Stage.scaleMode = "noscale";[code]..........
This doesn't work though,it traces true of false correctly but won't touch the if statement.
How would I go about checking this setting on a loaded SWF file? For example, I have parent swf A, loading child Swf B. Once swf B is loaded into child A, how do I check child B's local security setting property?
View 1 RepliesI have a script that uses a webcam as input the problem is my site needs to wait to do stuff untill the security box that allows the webcamera to be used has closed....I looked in the docs
View 2 Repliesam modifiying some flash banners with a simple link(fp 8, actionscript 2.0). Why do i get this flashplayer security warning when i click it?The original sample banners i'm working from don't have this. How can I prevent this from popping up, without going into adobe's settings?
View 1 RepliesI have a Flash swf file on one of my pages that's causing a Security sandbox violation. Basically it's trying to load a php file to do some things with mp3 files on my server. It works just fine, unless someone types in the url without the 'www' in front of it.
[URL]
the problem occurs. It still resolves to my site, but the domain appears different to the Flash app, and so the error gets thrown.
I have an XML file that my .swf opens and reads from my server. I actually have the .swf call a php file that builds the xml output which works fine. My question is, is it possible for anyone that can see my .swf project on their browser get the path to the php file that it calls?
Can I use POST in actionscript instead of GET when getting a url so I could hide the variables sent?
Is there a header or something that flash sends that I catch with my php file? So i can tell if flash is calling it, or if some user is just directly going to the file to get the information. Or if all else fails, can I have flash create a file on my server that when I call my php file it first checks to see if that file holds the right data before spitting out the xml. When other people link to my flash file on their server, it seems this method might still work seeing as it's my servers flash .swf being called.
I have a swf loading an XML with links to copy and images loading into a swf. When inside the "stars" folder the html page index.html, which loads the swf loads all the jpg and text files fine: [URL] However, when embed a link to the swf file [URL], into the page a folder above the stars folder, which is just [URL]... none of the images load. Nothing loads actually. I figure it's a security issue with sandbox, but I created a crossdomain.xml file and added an allowDomain to my starsFA.swf file.
View 9 Repliesso i was trying to lop an Internet radio player, that will connect to different shoutcast servers, and play the radio, of course in development time everything was ok, now the time came for publishing just to be surprised with this messageof course i know what to do, but the end user will most likely won't know, and also i think this is a set back for developing such stuff, i also once tried to develop a twitter widget same thing happened when trying to communicate with twitter output, to work around that i could load the xml file from twitter into a local file using php, but i see a lot of flash files that uses flickr, twitter, and other sites, so how do these widgets work without triggering the security message,
View 1 Replies