ActionScript 3.0 :: Secure Checkout Woes In Flash?
Feb 15, 2010
I have been trying to promote a new web site written entirely in full browser flash. Nobody at all was comfortable with the idea of checking out inside of flash (even though its just as secure). So I went to the only method I could think of which is a getUrl into a new window with my https checkout page. Well, I guess with popup blockers and such... this is proving to be a disaster. I am losing most of my customers after two or three attempts to checkout according to my logs. They either cant figure out how to allow the popup or it spits them out and they lose the order.
Okay so im pretty frustrated. Then I start thinking about how I am calling facebooks java api from within flash to popup requests in front of my flash movie. Maybe there is some method like this? Something I can do via external interface? I really have to get this figured out as soon as possible. I am very curious to see what people here have done about this issue.
View 6 Replies
Similar Posts:
Apr 7, 2012
We are planning a desktop client application with Adobe AIR. The client app will be delivered to our customers with a database, which contains monthly updated marketing data provided by our company. As different customers will buy different sets of data from us, for example, a customer is only interested in marketing data in a specific product category, while another customer need all data in a certain region. After a customer installs this client app, new data will be emailed to the customer every month.
So, the requirement is to keep the data accessible only by the customer who bought it. After reading through AIR's secure local store and database encryption feature, I came up with the following design: each customer will have his own secret key (stored in AIR's secure local store), the secret key is used to encrypt the data that the customer has purchased. Of course, the monthly data that we sent to the customer will be encrypted using the same secret key. So my questions are: is AIR's database encryption and secure local store secure enough for this use case? If someone gets the encrypted database file, can he decrypt the DB?
View 1 Replies
Feb 13, 2009
I am working on a flash application on my local machine. It involves reading and writing to an xml file. I am facing a lot of security problems because of flash sandbox.In order to get around this I have installed php+apache to call an external file that writes to a file. I have created the crossdomain.xml and put it in the root of the web server on my local machine.However, I can only run the flash file in the flash program. Even if I publish it as a html I still get the security error msg.Now another requirement of my program is as the user interacts with my flash application it changes an xml and the page should refresh to show the changes.But because I can't run my flash program as a html file I can't refresh the damn page!I'm half thinking of setting up a vm machine as a pretend server to get this damn thing working. Then I at least have the server + client model.
View 0 Replies
Mar 30, 2010
I'm trying to integrate a Flex app with Google Checkout and code that runs fine on my local machine is throwing a Security Error when I test on my site.[code]...
View 2 Replies
Dec 4, 2010
Now I am developing a flex application (app server is apache + PHP + mysql ) what need integrate with google checkout function ,but the google checkout has not flex SDK to use ,what should I do?
View 1 Replies
Oct 31, 2009
I am going to make one short template on which there is a buy now button through which any user can make payment and get the liberty to buy/download the videos I am going to sell. Now which payment method do I accept. Is it paypal or Google checkout. Everybody says that Google Checkout is far more useful to use.
View 0 Replies
Dec 30, 2010
I am starting up a business and I'm creating a website using Flash Professional CS5. This is my first time using the program so I know pretty much nothing about AS3 or any kind of coding for that matter. I'm quick at picking up things that have to do with computers. So, getting to the point, here's my problem. I have absolutely no idea how to implement the HTML code that Google Checkout has given me into my flash website.If not Google Checkout, then I want to use PayPal .
View 1 Replies
Oct 2, 2009
I have successfully integrated PayPal Express into a Flex application. In oExpressCheckoutPayment.php, I have the following JavaScript line of code that will not execute:
window.opener.window.document.getElementById('index').paymentComplete();
'index' - http://mysite.com/index.html# contains index.swf
'paymentComplete()' - the function that finishes processing the transaction
[code].....
View 4 Replies
May 13, 2010
how to make secure SWF files, so that decompilers like sothink won't be able to decompile these swf files at all. i have been assigned some research work to find out the stuff to make swf files highly secured
View 1 Replies
Aug 12, 2009
I have a Flash app that makes periodic calls (using URLRequest and URLLoader) to the same server that hosts it, to check if the current session has expired or not.The problem with this is a man in the middle can spoof a valid response.Is there a generally accepted way to validate a response?Would using 'https' in URLRequest(url) invoke https protocol, would that be sufficient? I'm not a security expert, but would that check if the site is who they say they are, just like the browser?
View 0 Replies
Feb 8, 2009
I'm building a flash-game-site for a while. The big trouble is Secure Score Submitting System .I search on the net and find some ineffective techniques:
-Secret word method: there is an secret word (crypto pass) on the server and flash gets it from server and uses for crypting score data then sends it to server. But the algoritm that does the crypto job, can be accesible with a swf decompiler. Also getting the secret word from server outside of flash is simple. Not safe!
-HTTP_REFERER method: php (or what else) check HTTP_REFERER data to determine where the post coming from. But with a simply firefox extensions, the referer header can be changed. Not safe!
That is my own idea but can only make cracking harder, not more:
-We can get flash vars with js (:swliveconnect) and send to server. Flash just make a fake submit that makes no effect. Just a trick. But not safe
View 2 Replies
May 3, 2011
1) I'm trying to create a Flash Login Form but I guess its working with ASP or PHP. Can I make Flash to check usernames from any local mdb? As long as project doesn't require internet connection, excel or sqlite will be enough for me.
2) This question is related to first question. If I cant use a mdb file it seems I'll need to embed all those 5.000 users in flash project, am I correct? Also projects SWF file is 50mb. It will work from CD source, would that cause any problem? I've made it all in one SWF file for security
View 1 Replies
Dec 13, 2011
I need to transfer data from a flash application running in a browser to a server running php. If I use an https connection will that be enough to ensure that the data sent from flash to the server is encrypted and sensitive data can't be sniffed, or do I need to do encryption in my flash application itself?
View 1 Replies
Jun 11, 2007
Does anyone know a 100% secure way to transfer a variable from Flash to PHP. I have a SSL on my site, but I've been told that using the loadvars cmd is about as unsecure as you can get, even if your page is secure.One of the suggestions was Flash Remoting, can anyone confirm that this is a safe way to send a secure variable?
View 2 Replies
Dec 8, 2009
I know there are a lot of topics already on this. I have read (hundreds of) them and I'd still like your input.
If I have a flash UI that takes user input and passes it to PHP; is this secure?
I have read that, yes, this is okay. I have also read that no, you need to encrypt the data, by say hashing it before sending to PHP. OK, easy, I do this already but.....
In my case I have the data/password stored (when the user inputs it, not in the swf of course) and sent every time I want to access any PHP (using AMFPHP). The PHP check this password each time and only runs if it gets the correct password. So in this case if I hash the password, it makes no difference, it just changes what the password is rather than providing any actual security (well maybe minimal because it's less recognizable).
So can someone extract a password that is sent from flash to PHP?
View 6 Replies
May 12, 2011
Alright so I'm making a website for my friends band, and they want to have a music player to play their MP3's. One of the things I'm concerned about though, is the security of the MP3 files. Their albums are on iTunes to buy, so I'm looking for what the best option to have the MP3s be played but not be able to be downloaded and saved.The best thing I can think of is embedding the MP3's inside a Flash music player, but that would be more work than it's worth it seems.
View 2 Replies
Jan 13, 2012
In flash, is it possible to have your application check that the environment it is running on is "recognized". If so, how do you go about doing it? I want to put my swf on my website and prevent people using it on their site.
View 1 Replies
Jan 3, 2009
I have some videos that I don't want to let the realplayer be able to have downloaded with their program. Is there any actionscript or technique to block the download process, and just keep streaming the videos in the application?
View 2 Replies
Feb 28, 2012
I'm trying to build a secure login area on a Flash-AS3 website. I've managed to create the login form and pass data to a PHP script which checks them.
1) I know that in PHP I can echo some infos that can be get from AS3. In this case I suppose to echo something like "success" or "failed" to give an answer to the login attempt. Is this way of communication secure? Can anybody sniff this content and force AS3 to behave like if login was successful?
2) Suppose that PHP-AS3 communication has been secured. What should I do now? May I simply show admin pages hidden before? Is it the correct way? Is it secure?
View 5 Replies
Dec 14, 2009
I am wondering if it is possible to embed a YouTube video on a https website. As far as I can tell YouTube videos can only be embedded with the http:// protocol. Is there a way to embed them on a page without Firefox throwing an error?
View 4 Replies
Apr 27, 2010
I'm creating a flash application that will post images to a url for saving to disk/display later. I was wondering what are some suggested strategies for making this secure enough so that the upload is verified as coming from the application and not just some random form post. Is it reliable enough to check referring location realizing that I don't need bulletproof security, or perhaps setting authentication headers is a better strategy even though it seems unreliable from what I have read. The application and the server script will reside on the same domain and is in java - is there a way to check for a 'session' or something like that?
Another thought I had was some sort of simple hashed key type system, I could hard-code a key into the flash application and pass something to the server based on that - the server would also know this key and be able to verify if the value passed was based on that? The app is a public app, so authenticating users is not an option. After more research I am thinking about using a hard coded salt key on both ends, then sending an MD5 hash of the base64 encoded image bytearray+salt to be matched on the server side.
View 1 Replies
Sep 8, 2010
I'm working on a site which allows people to pay to stream videos online. I'm currently using JW Player to stream FLV/F4V files from Amazon S3, using a signature.This method is extremely unstable, and needless to say, useless. I've heard I can use Amazon CloudFront as a CDN for my videos. But that it won't make the files any more secure, if I've understood it correctly.Price is an important thing. I know hosting/streaming video is expensive, but what are my best options, for a cheap, reliable, and as-safe-you-can solution for me? I have very little hosting experience,
View 2 Replies
Jan 21, 2012
I'm trying to build a secure login area on a Flash-AS3 website. I've managed to create the login form and pass data to a PHP script which checks them. Now I've got some questions.
1) I know that in PHP I can echo some infos that can be get from AS3. In this case I suppose to echo something like "success" or "failed" to give an answer to the login attempt. Is this way of communication secure? Can anybody sniff this content and force AS3 to behave like if login was successful?
2) Suppose that PHP-AS3 communication has been secured. What should I do now? May I simply show admin pages hidden before? Is it the correct way? Is it secure?
View 5 Replies
Jun 5, 2008
How would one secure information transfered between the flash player and the website?
View 1 Replies
Mar 26, 2012
I would like to create a secure login section for a website. I have managed to build up an AS3-PHP communication where PHP checks user credentials. I am already providing data enchryption between AS3 and PHP but I would like to add some further security. Is it possible to implement a HTTPS login section?
View 5 Replies
Sep 1, 2011
I would like to create a multiplayer online game (tic-tac-toe/chess) and i am not sure which language to use. I am familiar with JS/PHP and heard about comet Does comet stand a chance against Flash, if yes whats the limitations except the lack of smooth animations like flash allows? What are the differences regarding resources and memory needed? SECURITY: Is it possible to create Flash-games without any chance to modify (flash-)cookies etc... for cheating? i know lot of questions, i do hope for your recommendations into the reight direction.
View 1 Replies
Aug 4, 2009
Is flash (actionscript 2.0) secure enough to use for a website that holds personal info, password, restricted areas, ect. How can I make it secure enough if it's possible.
View 1 Replies
Oct 10, 2009
ve got a main menu on my website with buttons. one of the buttons plays a movieclip instance where a dropdown menu appears with more buttons. The dropdown stops on a frame containing a new movieclip with this bit of script on it:
Code:
onClipEvent (enterFrame)
{
[code].....
View 1 Replies
Jul 9, 2010
The following sets the start time in minutes for a countdown clock to tick from......this works fine with the clock the problem is if i press a reset button and put all the values to zero and stop the clock when i press start again the getTimer() value get increaseingly bigger when it reaches a certain point it breaks the count down timer .......all i simply need to do is everytime the getTimer hits the maximum value to start count over....
PHP Code:
theTime=59;
startTime = getTimer()+theTime*60000;
View 1 Replies
Oct 20, 2005
Whats up with the problems when you let a different MC control the drag of an MC. (ie. press this mc, this other mc drags).Take this FLA for example. Notice the trace will pop up sometimes, if you get the box at a very certain position on the temp MC.
View 2 Replies
