ActionScript 3.0 :: Secure Flash PHP Data Transfer
Dec 8, 2009
I know there are a lot of topics already on this. I have read (hundreds of) them and I'd still like your input.
If I have a flash UI that takes user input and passes it to PHP; is this secure?
I have read that, yes, this is okay. I have also read that no, you need to encrypt the data, by say hashing it before sending to PHP. OK, easy, I do this already but.....
In my case I have the data/password stored (when the user inputs it, not in the swf of course) and sent every time I want to access any PHP (using AMFPHP). The PHP check this password each time and only runs if it gets the correct password. So in this case if I hash the password, it makes no difference, it just changes what the password is rather than providing any actual security (well maybe minimal because it's less recognizable).
So can someone extract a password that is sent from flash to PHP?
I need to transfer data from a flash application running in a browser to a server running php. If I use an https connection will that be enough to ensure that the data sent from flash to the server is encrypted and sensitive data can't be sniffed, or do I need to do encryption in my flash application itself?
I have coded a program to accept several text fields in Flash and then transfer them (using a defined Class function, sendExample with sendPhp) and display them with a pfp form. When I run the swf from my pc it transfers the data correctly (the php file is on my hosted server.) However when I transfer the swf to the server (along with the class I defined to do the transfer), the php file is called but no data is transfered. What is missing from the server to make the data transfer complete? No errors, just a php page with no data inserted.
It's not exactly that, but it works the same way. It's about a login form with Flash and PHP. It must send data (username and password) to PHP, PHP has to check for a record in MySQL and then to return data to Flash. How does it works and how to return the data to Flash?
This is not something new I'm sure and a lot of people have found or are looking for a solution for stablishing an encrypted data transfer between flash and php but the wiered thing is that there are few resources when I try googling about this so, all I'm trying to achive is to encrypt data in flash with a key or something (I don't want to build my own algorithm, I'd like to use some standard ones like MD5) and then send the data out to a PHP file and after the php read the data it will also encrypt and send the results back to flash...
I was happy and downloaded the as3crypto class from google code... installed and ran it and it worked for the first tests... then when I tried using that method in my project I noticed that the encrypted data being sent from PHP to flash, sometimes does not work! again I searched and found out that some other people are also having the same problem and are saying that this as3crypto does not work well with sending data to php!!!I'm out of time and out of mind so what should I do if I want my data sent to php and vice versa to be encrypted? or maybe I'm using that as3crypto thing in a wrong way?! I did exactly as described in the above sample blog.
i have a problem with flash maybe i have an online exchange table which loaded in a flash page when i import the exchange swf in a flash page on ftp it cant get the datas from php but when i open the exchange swf independently in ftp it get the datas from php and it works
However, no matter what I do I can't seem to get data from my components to a PHP file on my server.Ultimately,I am making a flash form that will submit the form data to the PHP script and make entries into a mySQL database.Before I do that, though, I thought I'd first just try to see if I could get data processed in PHP.So,I created a simple PHP file that simply displays the data on the screen, and I made a single-button flash movie that has some actionscript in it.Here is the code for the PHP file:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />[code]....
And here is the code for the actionscript I have in my button:
on (click)[code]....
I'd like to note that my actionscript is a direct copy/paste from the Adobe online reference for actionscript 2 (with a change to the php path, of course).I upload everything and visit the page with the flash button in it.When I click the button, I am taken to the .php page as expected, but the only thing I get on my screen is "...and that's all I've got."
firstName, lastName, and age never get processed.Eventually, I'll be wanting to send data from form components.But as a first step, I can't even get this working correctly. Does anyone have any insight?I'm using Macromedia Flash 8 (I'd love to upgrade, but Adobe won't let me since it's part of a suite...and I don't want to upgrade the whole suite.
Is there some built-in limit to the rate at which flash.net.Socket can transfer data? When downloading from a server on localhost, I get a speed of about 5.8 MB/s consistently, while downloading directly from the server (outside of Flash Player) I can over 100 MB/s. Also, if I start two or more concurrent downloads, they all (individually) go at about the same 5.8 MB/s. The CPU use is under 100%. This program demonstrates the phenomenon. Running with NUM_DOWNLOADS = 1, I get
I've got a html login form with a flash submit button in it. How can I transfer form fields' data into the flash movie so I could proceed with my login routine?
have created a contact form that sends 3 lots of data (name, email and message) to my email address. here is my code for my flash form which looks right
I am developing a VC++ application in which I need to play SWF files. In my SWF file there are some integer values, which I need to fetch to my VC++ application. I am using the flash.ocx activex control in the application. Also I need to call some functions (in the SWF AS2) from the application.
I have a project where i need to transfer the data from swf to javascript, and vice versa, i using flash cs4 and action script 3.0 i can transfer data from AS to JS without any problem but the other way around doesn't seems to be working i have been trying this from a long time, i even used exact same code from adobe externaInterface example there seems to be some problem.
all i want is to transfer data from JS to AS dynamically.
We are planning a desktop client application with Adobe AIR. The client app will be delivered to our customers with a database, which contains monthly updated marketing data provided by our company. As different customers will buy different sets of data from us, for example, a customer is only interested in marketing data in a specific product category, while another customer need all data in a certain region. After a customer installs this client app, new data will be emailed to the customer every month.
So, the requirement is to keep the data accessible only by the customer who bought it. After reading through AIR's secure local store and database encryption feature, I came up with the following design: each customer will have his own secret key (stored in AIR's secure local store), the secret key is used to encrypt the data that the customer has purchased. Of course, the monthly data that we sent to the customer will be encrypted using the same secret key. So my questions are: is AIR's database encryption and secure local store secure enough for this use case? If someone gets the encrypted database file, can he decrypt the DB?
I am struggling with the following situation. An addToCart button adds an item to the PayPal cart with the code below, which does work, but has the result that the visitor is directed to the PayPal site during the shopping process. The transfer of the data should however happen in the background and the visitor should only be directed to the PayPal site when the view cart option is clicked. Is there any other way to transfer the data than having to navigate to the PayPal Site?[code]...
I've read some books on creating stateless websites, I've read some about stateful client applications, but a lot of complexity comes along when you have to combine both. We have a Flex application that needs to persist data to a database via .NET services. Things to keep in mind are:
- Concurrency (optimistic/pessimistic)
- Performance: Flex needs to load in lots of data so lazy-loading is often necessary.
- Do you use Dto's to transfer data between server and client?
I'll tell you the history of our product. We've used SubSonic from the beginning as a o/r mapper. SubSonic objects are converted to dto's written by us and these dto's are transferred to the client. Clientside the dto's are converted to the domain model. If clientside a domain model object needs to be saved, it is converted back to a dto and send to the server. Server side the dto is converted to a subsonic object and saved to the database.
Now, some time ago, we needed the domain model on the .NET server side... so now we have like three models on the server side, the subsonic model, the dto model and the domain model. The dto model is more simple and resembles the database more, the domain model has much more logic. It gets complex... We now have to synchronize the AS3 domain model code with the C# domain model code. If we could do it again (of get time to refactor) I think we wouldn't use the dto's anymore, but transfer the domain model between client and server. Dto's are simple objects so easy to transfer. Domain model objects can be very complex.
am having this problem of sending XML request to an addresswhich starts with "https". The problem is I always get the errormessage "Error opening URL "https:......."", instead of the actualresponse which should be in XML format as well.The function I am using is "sendAndLoad()"requestXML and responseXML are objects of XML class . Whatfunction "sendAndLoad" above does is to post variables in the"requestXML" object to the specified URL "servelet_address". Theserver response is downloaded, parsed as variable data, and theresulting variables are placed in the responseXML object.However, as I stated above, I always get the error message.
I have a byteArray of recorded sound.But how can I transfer the ByteArray data back to a real Sound object?I know that I can pass the ByteArray to an SampleDataEvent.SAMPLE_DATA listener , but that way I would have to keep the raw ByteArray and pass it every time the sound plays.
I'm using a .swf to connect to a socket and stream data as fast as possible for 60 seconds to measure connectivity speed.In other words a speed test.In the past say month or two, I've found Macintosh systems 10.5 and higher experience a significant slow down, In testing I see my socket connect and reach about 2.5Mbps - 3.5Mbps and literally stick as though the .swf was throttling the connection.
This 'problem' is random and appears to come and go. I've tested this in Chrome,Firefox and Safari with all the same results.Using the exact same test on any Windows or Linux OS works totally fine.Admittedly I'm an ActionScript novice however the code I'm using is below and has worked for some time up until recently.
ActionScript Code: var s:Socket; var Tbytes:Number = 0; function connectToSocket():void{
I am having a problem with sendAndLoad on a secure site. Has anyone run across this before? In Internet Explorer it does not work at all. The Flash forms are sending data to PHP scripts on the secure site (https) and connecting to a MySQL database. If I change it to a non-secure site (http) it works fine.
Using Php file i m able to save all data but didnt get response back to flash file using [ result="OK" ] OR also i have tried replyXML.onLoad = function(success:Boolean) { but always it become fail.
XML data is in Scene 1, loaded and modifiy of the value (increase or to be reduced) that with the value of Dynamic Text can be chanced toScene 2, How can I transfer this? Example file is attached. I want to transfer that can be found in Scene 1 in dynamic text (my text) from Scene 2. [URL]
I managed to create a simple flash animation but it's not 100% correct.
-First, what's the proper way to transfer an image in flash?I chose paste special. It worked but it made the image a bit pixelated. The original looked fine.
-Second besides adding more or less frames, how do you change the speed of the entire timeline.
-Third, does an image need to be converted in any way? The animated image is it's own layer. So does it have to be converted to symbol or movie or something else?
-Fourth, how do I move(not motion) the image. Do I have to move each frame group or is there a way to move the entire timeline if I need to realign the image?
how to make secure SWF files, so that decompilers like sothink won't be able to decompile these swf files at all. i have been assigned some research work to find out the stuff to make swf files highly secured
I have a Flash app that makes periodic calls (using URLRequest and URLLoader) to the same server that hosts it, to check if the current session has expired or not.The problem with this is a man in the middle can spoof a valid response.Is there a generally accepted way to validate a response?Would using 'https' in URLRequest(url) invoke https protocol, would that be sufficient? I'm not a security expert, but would that check if the site is who they say they are, just like the browser?
I'm building a flash-game-site for a while. The big trouble is Secure Score Submitting System .I search on the net and find some ineffective techniques:
-Secret word method: there is an secret word (crypto pass) on the server and flash gets it from server and uses for crypting score data then sends it to server. But the algoritm that does the crypto job, can be accesible with a swf decompiler. Also getting the secret word from server outside of flash is simple. Not safe!
-HTTP_REFERER method: php (or what else) check HTTP_REFERER data to determine where the post coming from. But with a simply firefox extensions, the referer header can be changed. Not safe!
That is my own idea but can only make cracking harder, not more:
-We can get flash vars with js (:swliveconnect) and send to server. Flash just make a fake submit that makes no effect. Just a trick. But not safe
1) I'm trying to create a Flash Login Form but I guess its working with ASP or PHP. Can I make Flash to check usernames from any local mdb? As long as project doesn't require internet connection, excel or sqlite will be enough for me.
2) This question is related to first question. If I cant use a mdb file it seems I'll need to embed all those 5.000 users in flash project, am I correct? Also projects SWF file is 50mb. It will work from CD source, would that cause any problem? I've made it all in one SWF file for security