Professional :: Security In The Swf?
Feb 27, 2007
I'm a designer considering creating a video project with Flash. I've read some of the security threads on the board, but they are way over my head. I will have a simple Flash file with text and a dozen imported FLV video files.If I use the "protect from import" option, will that keep the videos from being stolen from within the swf? Or, is that just a mediocre hurdle that can be easily overcome by someone wanting to dig into my file?
View 4 Replies
Similar Posts:
May 19, 2009
I am getting a strange problem while I am making my release build swf.The swf is supposed to make some internal server calls and then display the data and also play it.When I make a release build swf and excute it, while making server calls it throws exceptions likeSecurityErrorHandler: [SecurityErrorEvent type="securityError" bubbles=falsecancelable=false eventPhase=2 text="Error #2170: Security sandbox violation:file:///Path to the swf/WebPlayer.swf cannot send HTTP headers to **Method Name to bring data from the server***]And after this nothing can be done as everything depends on the data from the server..I have updated my cross-domain.xml on the server to support the master-only policy file but that also didnt ..My cross-domain.xml is
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
[code]......
View 5 Replies
Apr 17, 2009
I haven't fully grasped how the flash security model works, and now I've ran into a problem. I have a base SWF that loads a game loader swf, which in turn loads the actual game.What I'm trying to do is taking a current bitmap snapshot of the running game. This works fine before the loader swf has loaded the game. When the game is loaded, I get a security violation because the game has images pulled from facebook. Is this something that can be solved on my end, or restricted by security in the game swf?
View 2 Replies
Mar 22, 2010
I am running into an annoying problem with Flash, particularly when I run my program in Debug. Basically I have an AS3 project at some location on my computer (c:/.../Flash/Project/project.fla) with a main script for it (c:/.../Flash/Project/code/projectMain.as). If I try to load in SWF files or JPG files from other places on my computer, I get problems. For example if I try to load files like:
[Code]...
It seems to load them fine. When I click on the movie though, I get this in the output: *** Security Sandbox Violation ***SecurityDomain 'file:///C/.../file.swf' tried to access ncompatible context 'file:///C/.../project.swf And the whole thing stops working. I have read about the security sandbox and allowDomain calls and all that, but I don't see how the domains are different. I am not deploying this to any server or anything, just trying to run the debug swf. I have access to local files by default, right?
View 3 Replies
Jun 22, 2011
I have at least one user that has received an "Adobe Security Updates" e-mail from Adobe stating, "A critical vulnerability has been identiied in Adobe Flash Player and Adobe Reader". I say at least one user because only one user has forwarded this message to my CIO.Now I know that my user is not running the latest version of these two applications.I can fix that.What I want to know is, why is he getting this e-mail?Anyone know who at Adobe I should contact to find out why?Is this because Adobe somehow knows that he's not running the most current version?Or is it just something that Adobe sent out because it seemed like a good idea at the time.
I push Adobe Flash Player, Adobe Shockware Player, and Adobe Reader when I install Windows 7, and autoupdates are disabled as part of the installation process.I'd rather handle the patching myself so I have a better feel for what is going on across my network.This user was upgraded from Adobe Acrobat 9.x to 10.x.That upgrade was performed manually be someone else.I wonder if THAT is why my uses is receiving this email?
View 2 Replies
Sep 6, 2011
I am new to FlashPro CS5. I need to use it with SlideShowPro Director and the associated product 'ThumbGrid'.I followed the instructions and settings from SlideShow Pro but nothing happens when I publish. They say I need to go to the flash security settings panel and add my local folder as a trusted location to execute the files from.I cannot find the flash security settings panel
View 5 Replies
Apr 29, 2005
I am new to FlashPro CS5. I need to use it with SlideShowPro Director and the associated product 'ThumbGrid'.I followed the instructions and settings from SlideShow Pro but nothing happens when I publish. They say I need to go to the flash security settings panel and add my local folder as a trusted location to execute the files from.I cannot find the flash security settings panel. Can I get a hint on where to find the flash security settings panel. I need to add my local folder as a trusted location to execute the files from.
View 4 Replies
Dec 17, 2011
here is my code:
stop();
import flash.display.Loader
import flash.net.URLRequest
import flash.events.Event
[code]....
I keep getting an error saying
SecurityError Error 2000 Bi Active security context
how to fix this and make my external swf unload on the event of a button being clicked?
View 1 Replies
Mar 22, 2010
I use a laptop which is never connected to the web for customer demos away from base. It does not have the Flash authoring environment installed either. Furthermore, a customer's own system used to run development versions of web sites using HTML with Flash content is not guaranteed to have web access either. Because some of the associated FLV files are quite large, uploading to a web host for such testing is not really viable even where clients have web access at meetings.
I have an AS3-based project which triggers Flash 10 local security protection on systems other those that used for authoring, for which the workaround is to set the source folder as trusted using the Flash Player Settings Manager. but [URL] doesn't seem to offer a useful way to avoid this problem without going on line to the Flash Player Settings Manager via an Adobe web site.
[Code]....
View 12 Replies
Mar 25, 2011
i have this error :
Fonts should be embedded for any text that may be edited at runtime, other than text with the "Use Device Fonts" setting. Use the Text > Font Embedding command to embed fonts.Attempting to launch and connect to Player using URL D:iagora
ovoguestgbook_v5.swf[SWF] D:iagora
[code]....
View 5 Replies
Aug 9, 2011
We're producing a desktop application that includes html and swf in AS3. We get the following error: Adobe Flash Player has stopped a potentially unsafe operation. The following local application on your computer or network: C:UsersDave%20ZelenkaDesktopworld-source...world.swf is trying to communicate with this Internet-enabled location: C:UsersDave ZelenkaDesktopworld-sourcesample-htmlsample.html To let this application communicate with the Internet, click Settings. You must restart the applcation after changing your settings.
So, I know how to resolve this by clicking the settings. But our users won't want to do that. What doesn't make sense is that the swf file isn't pulling anything from the Internet. The world.swf file shouldn't be communicating with sample.html, and not only that, they are located in the same folder.
[Code]...
View 11 Replies
Apr 8, 2011
I want to distribute an SWF file to be run on computers, not the internet.However, I want to be able to access the internet through a link controlled by a button.This used to work, now I get a security warning telling me I need to change the settings on my computer.For obvious reasons I don't want to make every person who runs the swf file to have to do that!Under Windows I can create an EXE file that does not create the security warning, but on the Mac that won't help.
View 2 Replies
Dec 20, 2009
I'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.Here are the contents of the root crossdomain.xml:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies ="all"/>[code].....
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url].......I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
View 1 Replies
Apr 29, 2009
My SWF resides on domain A, is loaded by a web site on domain B and is trying to ping URL (URLLoader.load) on domain C. But I am getting "#2048: Security sandbox violation" .. why? Of course I have read the manual, I saw the security white paper but I do not understand it. Don't you know any blog or such where it is explained for dummies? With lots of examples and maybe a table showing what is allowed and what is not?
View 2 Replies
Mar 5, 2008
I get following error: Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: [URL] cannot load data from 192.168.3.5:4854. at TicTacToe_fla::MainTimeline/TicTacToe_fla::frame1() ". I tryed to solve this problem about 3 hours, but I failed I have the file crossdomain.xml in the same folder like my .swf file on the server with this content:
[Code]...
View 7 Replies
May 8, 2009
I read about security issues in using GetURL.Is this only with javascript? If I use the getURL to open a blank window where all the HTML and swf are on the same server are those pages and swfs safe from injection, etc? I'm working in Flash 8 with AS 2.0.
View 3 Replies
Jun 29, 2011
i wrote a flash script that is embedded into an html page. The flash script (AS3), needs access to the users microphone and camera. I've seen on other websites when they want to use my camera/ microphone flash automatically pops up a box asking the user to permit.
In my case, even though in my global settings for my webpage it says "always ask" under permissions, flash doesnt ask me anything and just blocks the script from accessing the microphone. The script loads fine, just doesnt prompt for access and the user has to manually right click, and go to settings and put setting to "allow".
Searching for this topic on google is rather difficult as there is too much irrelevant stuff with the same keywords.
Edit: This is how i embed just in case im not doing it right.
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=10,0,0,0" width="200" height="20" id="myflash" align="middle">
<param name="allowScriptAccess" value="always" />
[code].....
View 2 Replies
Apr 16, 2010
I've got a Flash movie, loading data from an external URL. In fact, it's a RSS reader inside a banner.Everything works perfectly when the Flash movie and data URL are on the same domain. However, if the Flash movie is on another domain, Flash security kicks in.The manual says that I can allow a domain trough Security.AllowDomain()
system.Security.allowDomain("http://www.mydomain.abc/")
xmlData = new XML();
xmlData.ignoreWhite = true;
[code]....
View 3 Replies
Feb 10, 2011
I have a flash movie which loads some images dynamically, through hphp gateway files. It works fine accessing through [URL]but not through [URL] So it does not work without www.I am passing from HTML to Flash through params flashvars the path of the server, with www.
View 2 Replies
Jul 7, 2011
I'm using a Amf channel , How to add security to My channel..
View 2 Replies
Feb 25, 2009
I am trying to create a security feature for my SWF's.I have a .txt file named security.txt.It has a variable called permissionGranted and is set to false
Code:
permissionGranted=false
Here is my AS:
Code:
Stage.showMenu = false;
Stage.scaleMode = "noscale";[code]..........
This doesn't work though,it traces true of false correctly but won't touch the if statement.
View 1 Replies
Aug 27, 2009
How would I go about checking this setting on a loaded SWF file? For example, I have parent swf A, loading child Swf B. Once swf B is loaded into child A, how do I check child B's local security setting property?
View 1 Replies
Nov 17, 2009
I have a script that uses a webcam as input the problem is my site needs to wait to do stuff untill the security box that allows the webcamera to be used has closed....I looked in the docs
View 2 Replies
Mar 1, 2010
am modifiying some flash banners with a simple link(fp 8, actionscript 2.0). Why do i get this flashplayer security warning when i click it?The original sample banners i'm working from don't have this. How can I prevent this from popping up, without going into adobe's settings?
View 1 Replies
May 27, 2009
I have a Flash swf file on one of my pages that's causing a Security sandbox violation. Basically it's trying to load a php file to do some things with mp3 files on my server. It works just fine, unless someone types in the url without the 'www' in front of it.
[URL]
the problem occurs. It still resolves to my site, but the domain appears different to the Flash app, and so the error gets thrown.
View 1 Replies
Jul 14, 2009
I have an XML file that my .swf opens and reads from my server. I actually have the .swf call a php file that builds the xml output which works fine. My question is, is it possible for anyone that can see my .swf project on their browser get the path to the php file that it calls?
Can I use POST in actionscript instead of GET when getting a url so I could hide the variables sent?
Is there a header or something that flash sends that I catch with my php file? So i can tell if flash is calling it, or if some user is just directly going to the file to get the information. Or if all else fails, can I have flash create a file on my server that when I call my php file it first checks to see if that file holds the right data before spitting out the xml. When other people link to my flash file on their server, it seems this method might still work seeing as it's my servers flash .swf being called.
View 4 Replies
Jul 25, 2009
I have a swf loading an XML with links to copy and images loading into a swf. When inside the "stars" folder the html page index.html, which loads the swf loads all the jpg and text files fine: [URL] However, when embed a link to the swf file [URL], into the page a folder above the stars folder, which is just [URL]... none of the images load. Nothing loads actually. I figure it's a security issue with sandbox, but I created a crossdomain.xml file and added an allowDomain to my starsFA.swf file.
View 9 Replies
Oct 29, 2009
so i was trying to lop an Internet radio player, that will connect to different shoutcast servers, and play the radio, of course in development time everything was ok, now the time came for publishing just to be surprised with this messageof course i know what to do, but the end user will most likely won't know, and also i think this is a set back for developing such stuff, i also once tried to develop a twitter widget same thing happened when trying to communicate with twitter output, to work around that i could load the xml file from twitter into a local file using php, but i see a lot of flash files that uses flickr, twitter, and other sites, so how do these widgets work without triggering the security message,
View 1 Replies
Nov 25, 2009
We have recently deployed Flash Media Streaming server 3.5.2 and Flash Media Encoder on a Windows 2003 machine. Do you guys know of any security best practices to follow for the FMS server deployment on a Windows machine, could you please point me to that resource.
View 2 Replies
Dec 3, 2009
I am loading an external swf file from the same domain into my main flash movie using an absolute path: The problem is that when someone goes to the site without the 'www' in the address: he movie throws a sandbox error upon trying to load the 2nd movie.I have a crossdomain in place set to: <allow-access-from domain="*" secure="false"/>.I also have: Security.allowDomain("*"); in the document class of the main moie.I realize I could use a relative path to load the movie instead of the absolute path, but shouldn't the cross domain file and/or the allowDomain command take care of the security issues? Is there another workaround besides the relative path?
View 1 Replies