Actionscript 3 :: Flash Client-Server Security?
Nov 26, 2009
My client wants to create an online Flash game. Once they have completed the game, they are awarded a score, which is passed and logged on a server. This score determines whether they win a prize at the end of a set period, depending on the scores of other players.
I need to consider a situation whereby a user wants to cheat by intercepting and modifying the data that is sent to the server. Although I have considered, and would obviously use HTTPS, this wouldn't prevent the actual player from doing this.
It seems to me, that I can't have any kind of secret that the server has knowledge about within the Flash, as this will accessible to the player.
Even though a lot of people on this site seem to be suggesting it in other posts, I am not sure that using an obfuscator is an option due to the value of the prizes at stake. We have used this technique before for lower value prices.
View 2 Replies
Similar Posts:
Dec 20, 2009
I'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.Here are the contents of the root crossdomain.xml:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies ="all"/>[code].....
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url].......I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
View 1 Replies
Mar 8, 2012
We're writing a flash application that can download a MP3 file, convert it to a Sound object, get the raw data and make some processing (like adding sounds, change octaves). After the processing, we want to send the data back to the server in chunks, so the server will be able to glue the data together and recover the new generated file. The problem is: if we send to the server "wav" pieces of sound, we are able to glue them together without any problem in the generated file. However, if we convert each wav piece to a mp3 file (so we can send a smaller file to the server) and join the mp3 files at the server, the result is a sound with some problems at the merge point.
This is how we load the mp3 file from the server:
sourceSnd.load(new URLRequest("sample url to mp3"));
sourceSnd.addEventListener(Event.COMPLETE, carregou);
This is how we convert each piece of mp3 to bytearray and wav:
[Code]....
View 1 Replies
Oct 27, 2010
how can I find on fms server that client disconnected if if client disconnected due to power cut off. I client manually close the application then onDisconnect on server is called but if due to power cut off it does not called.
View 1 Replies
Jul 6, 2010
Apply the security patch found here:http:[url]............For more information see the followingresource:CVE: 2009-1365
View 1 Replies
Jan 2, 2011
I am trying to create a flash player to stream an on online Internet radio station using FMS. I chose FMS after being told that I need RTMP server to extract the metadata. Our radio audio is being encoded using a DJ interface called SAM Broadcaster. But for some reason, it does not have an option to send over the stream directly to a Flash Media Server. Only options are either IceCAST or ShoutCAST. How should i setup the stream? Should it be Stream encoder>> IceCAST/SHOUTCast Server>>Flash Media Server>>Flash Player Client. Or should I setup Stream Encoder>>Flash Media Server>>Flash Player Client? Shouldn't Flash Media Server be an alternative to IceCast or Shoutcast? If that is the case, how do I send over the stream from SAM Broadcaster directly to Flash Media Server without restreaming through another streaming server?
View 2 Replies
Apr 30, 2010
I have a bunch of flash videos that I need to watermark with user related information, to make illegal re-distribution of these files harder.I'm wondering how can this be done server-side. If done client-side, it will be quite easy for the user to intercept the videos before they are watermarked.Since the watermark should contain user-specific information I can't really watermark the videos before encoding them (unless I have an encoded video per user - not feasible).I'm expecting this to affect the streaming performances a lot, though
View 2 Replies
May 21, 2010
In Flash, I have the ability to save certain info onto the server. Now the problem is the user needs to be authenticated as admin in order to do so. I can't use sessions, since if you work longer than 20 minutes in the Flash application, the session is gone. The way I see it, I have 2 possibilities:
1. passing a parameter (bIsAdmin) to Flash from the Website.
2. Launch a http-get request, to get this value (bIsAdmin) from an ashx handler
on application startup, when the session has not yet exired.
In my opinion, both possibilities are not really secure... So, which one is safer, 1 or 2?
Or does anybody have a better idea ? In my opinion, 1 is safer, because with 2, you can just switch a packet tamperer in between, and bang, you're admin, with permission to save (or overwrite, =delete) anything.
View 1 Replies
Sep 15, 2010
We are currently in the process of trying to connect a c# server from a flash app. This hasnt been a problem so far - we have simply used the Socket class.We now have a requirement to encrypt the stream using SSL/TLS. This is no problem in c#, but much more problematic on the flash side. So far we have found two options: As3crypto lib, and AIR 2.0 SecureSocket. However, neither option has proved to be successful.
As3Crypto - TLSSocket
Using this method when we execute the code, the server throws an exception - this appears to be due to As3Crpyto's PARTIAL support of TLS.
AIR 2.0 - SecureSocket
We are currently using the latest Flex 4 SDK. We have imported AirGlobal.swc to alllow us to create a SecureSocket in a similar manner to the TLSSocket. The code builds but does not run - some File Not found error or something - probably because SecureSocket is not found in the runtime. I assume this is because AIR is intended for desktop applications rather than apps embedded in a browser.
So, now we're stuck. We have the option of encrypting the data instead using some PGP algorithm available in the As3Crypto lib. However, we would much prefer to encrypt the stream using something like TLSSocket or SecureSocket.
View 1 Replies
Jul 30, 2009
I have a Flash client that I want to connect to a server. Both are using localhost and port 50000 so there shouldn't be any cross-domain problems. I also set Access Network Only in the publishing settings. When I call the XMLSocket connect, the server seems to get a new connection. But, the XMLSocket.onConnect callback is not called with success=true.[code]...
View 2 Replies
Apr 13, 2010
What technology are better (robust, stable, speed) for rich web app with flash movies, chat, etc. Somebody said that Red5 will drop down if more that 50 users try to suck video stream from it. Is there people who use Java on server side and Flash for client side?
View 1 Replies
Jul 24, 2011
How can the disconnection or Closure of the flash client be detected while using a php backend which ensures that only active client usernames are present in the datbase. My approaches were to use some polling method - where the client sends some message to the server periodically else the server deletes the client's name from the DB assuming it is closed - or to use some augmenting javascript code that informs the backend of a closure event.
View 1 Replies
Aug 25, 2010
how to remove flash player security pop up for camera and microphone through coding.
View 4 Replies
Sep 11, 2007
I guess this is more a question about PHP and MYSQL, but since Im using flash as the interface, I wanted to know if anyone knew this. Is it possible for someone to basically trigger one of my php documents that inserts variables to the Database through an swf ran outside my server? I know for example flash has a security feature built in to prevent flash from loading xml files from server to server. If anyone knows more about flash security issues and tips let me know
View 3 Replies
Dec 12, 2010
Can a flash client program communicate with a server using HTTP connection like it would do in a JAVA-oriented fashion:
String URLS = "http://" + s.getHostName()
+ ":8888/Producer/getItems";
try {
[Code]....
View 1 Replies
Feb 22, 2011
I'm building a Flash-based Facebook game with a Java backend, and I'm planning to use a RESTful approach to connect the two of them (not a persistent socket connection). I'm using the AS3 library to connect the client to Facebook, so that's where I have my session information stored. However, how do I authorize client connections back to the server? I can't leave the callback URLs open since that'd let people manipulate game state without playing the game. I need to make sure that the calls are coming from a valid client and through a valid session.
At the moment, users have no direct login to the backend server -- it's all handled through the client frontend. Can I pass the Facebook OAuth2 access token to the backend in a way that the backend can verify its validity? Should that be enough to trust a valid frontend connection?
I could do a two legged OAuth signed request or just use a simple shared secret, but the keys would have to be packed in with the flash client, which makes that almost useless for this use case.
View 3 Replies
May 5, 2011
I'm a new grad, so please be kind. I'm working on validating input in a Flex DataGrid cell that the user can edit. The rows in the DataGrid are backed by an mx.collections.ArrayCollection that includes a [Bindable]Model that I wrote. I want to validate against a custom client-side Validator, if-and-only-if that passes I want to validate the input on the server. If client-side validation fails, I want to display the normal validation error (see image below). If server-side validation fails, I want to use the same sort of UI components to notify the user. The solution should not include any external framework (Cairngorm or PureMVC).
[Code]...
How do Flex programmers validate on the server, immediately after the valid client-side validation passes?
I realize it seems silly to search out this "synchronous" design and I hope someone has an answer to solve my problem with best practices. In my defense, the reason I want to validate on the server immediately following client-side validation is so that I'm using Flex's validation framework. If I get an invalid response from the server, I want to leverage the built-in UI components that Flex has to tell the user something is incorrect about his/her input.
View 3 Replies
Jul 6, 2011
We're currently working on a small scale indie card game for Facebook, which we hope will reach hundreds of thousands of players (eventually). We have most of the issues figured out (scalability, server-side architecture, etc) - however one question - communication between client & server.
We have the following requirements:
Server side push messages (no client message request) High scalability (should support at first hundreds and later hopefully thousands of CCUs) Secure, reliable layer Work well with most computers, routers & browsers Works with Adobe Flash/AS3
First thing that came to mind was socket connections, but I was wondering, is there a better solution that answers our needs?
View 2 Replies
Sep 22, 2011
I want to make an auto-play for some flash-based web-game, but I don't know how to capture and monitor the request from the flash client to the server.
View 1 Replies
Jun 29, 2010
i have a small LAN of about 8 computers all of which are running windows 7. I have installed FMS and XAMPP webserver on one of the machines. I want to stream live from one PC to all the other PCs on the LAN. I have a webpage with jwplayer embedded in it on my XAMPP webserver that is able to see the live stream when i start it locally. I mean the live stream works fine on the machine with the servers on it. But when i want to view the live stream from another machine in the LAN by accessing the webpage that has the jwpalyer from another machine, The jwplayer returns "server not found:rtmp://192.168.10.1/live" error. I was thinking that maybe a firewall is blocking the 1935 port but i have turned off the firewall of every PC on the LAN. I have unistalled any antivirus program on all the PCs. But i still get the same error when i try to access the live stream from another PC on the LAN.When i run netstat -a -n|find ":1935" i get 192.168.10.2:49184 192.168.10.1:1935 SYN_SENT and i think the request for the stream is sent but the conection is rejected.
This is the code for the webpage with jwplayer embedded in it. maybe it:
<html>head> <title>JW FLV Media Player</title> <script type="text/JavaScript" src="swfobject.js"></script>
[code].....
View 3 Replies
Jan 8, 2010
i am new on steaming & flash server; when we try to use RTMP over HTTP the outside client gets the internal IP address of the FMS server instead of the NAT one or public IP address, how can we solve this.
View 1 Replies
Apr 18, 2010
I have created a script for an Adobe FMS application to broadcast a playlist of video files as a live stream. (internet tv)
I am now working on a custom Flash-based video player to play my stream.
How do I send information from my server-side FMS application (main.asc) to the client-side video player? (e.g: title, duration of current video player)
View 2 Replies
Sep 6, 2010
I understand how clients use bandwidth detection etc to dynamically switch streams via client calls with ns.play2( ... ), but I was wondering if it's possible to only ever use 1 initial ns.play( ... ) call on the client side, but let FMS server side logic that I write dictate which client sees what content. For example, I have 3 clients connected to my FMS server, all watching a live stream. I then decide I want clientA to see 'recordedMovieA.flv', clientB to continue seeing the live stream, and clientC to watch 'recordedMovieB.flv'.
[Code]...
View 5 Replies
Apr 7, 2010
i am currently playing around with a flash media server trial in combination with the flowplayer.All in all i am testing the performance and general functionality for the company i work for.Anyways, i am trying to search a way to check the bandwidth of a client ( server sided ) and redirecting him to the right video stream.Sure this could be done by the backend flash application, but its out intention to perform this check server sided.
View 4 Replies
Sep 19, 2010
I want to limit server recorded netstream length to 10 secs at client side using as3. How can I do that?
View 2 Replies
Oct 20, 2010
I created an intranet site for the company and it is on the server, so the staff can view it. My webpage consist of flash for the viewing of images. The problem is the client who can view my webpage has no flash installer or totally no flash installed on their computer. Actually I have a flash.exe or flash installer in my server. I want to happen is when they view my webpage there is a pop up message for the auto install of flash installer and once they click automatically the flash would be installed. I mean the location of installer in the server they can catch? Is it possible? how the client can have the installer through pop up or any way.
View 14 Replies
Apr 28, 2010
I m working in flex3.0 and i just want to know that how can i call a function from fms server to my AS3.0 (Client Side) code.i tried the syntax client.call(methodname,null,null); but my flex code throw exception unable to call the method.here can i use clientobject.call (methodname,null,null) and is there some special way to declare that method at client side.
View 3 Replies
Oct 9, 2011
No I have installed fms4.5, but I can't find good docs how to set something like this up. In Learning section I saw a lesson, but this one isn't ready.So I want to publish using flash and the subscribers to the livestream can be iPhones or Browsers.
View 13 Replies
Jul 18, 2010
I am trying to send info using USLStream from flash client to JAVA server.Some of the info is Chinese so i have to use Unicode.
View 1 Replies
Sep 8, 2011
im using an open source program called Festival that generates text to speech, and in ubuntu i call its method text2wave that converts text into a wave file. I am looking into converting short paragraphs to wave files, but the problem is that each wave file ends up being approximately 1.2MB in size. The wave file is recorded at 16khz, and while recording at 8khz halves the size of the wave file (sacrificing sound quality), the wave file is just simply too large. These paragraphs have to be served many times to the clients and our server can not support that much bandwidth. Is it possible to compress the file on the server, and decompress it in my flash script (on the client side) and play the wave?
View 1 Replies
