Actionscript 3 :: What Is The Purpose Of Flash's Crossdomain.xml Protection
Jun 22, 2011
If you want to use content on another server, that server needs to host a crossdomain.xml file allowing access. If this file isn't there, flash won't let you access it. Given that it's easy enough to just write a proxy (say a php script that curls the external URLs) what is the purpose of this restriction? It seems that the content is still 100% available to external people, but there is just one extra hoop to jump through.
View 2 Replies
Similar Posts:
Jan 25, 2010
I want to create a Flash banner with XML content, host it on my site with crossdomain.xml, and then share the banner code with other sites for banner exchange. So, everything is on my server. Will loading the banner on other sites load the XML from my server, if both banner and XML reside on the same server, but the banner is loaded on the other site?
View 1 Replies
Jul 13, 2010
I have some FLV videos to play on the web (played in a Flash player, e.g. JWPlayer). How can I protect them? I do not want someone else to download these videos. The videos are highly secret! Only allow playback on my website.
View 3 Replies
Sep 7, 2009
I want to limit my SWF file so that it cannot be stolen and hosted on another server. So if the domain serving the SWF file isn't on a list of approved domains, the SWF will not load normally but will instead display a message that links to one of the approved locations. What I'm unsure about is how to access the domain that is hosting the file (or get the fully qualified URL of the file). If you know how to get that information, I'm using Flash CS4 to compile the code targeting FP 9.
View 2 Replies
Dec 25, 2010
I'm still a beginner in Flash in general and I'm attempting to strengthen the protection of my .swf file. One of the ideas I had was to split the .swf file up, so to speak; creating a new swf with sensitive, but vital functions and values, storing it on my webserver, and having the launcher request the files after passing a few verification processes. The only flaw in this idea is that I have no idea how to add a class (if that's the right term?) to my project. I reversed another .swf file which included the same method using Base64 encryption, but I'm not too sure how to add an external .as file to execute in my project. Of course, I've also found additional methods, such as using DCOMSoft SWF Protector (which wouldn't do much good) and obfuscation programs (which, too, can be reversed). I've recently found out about a .SWC called AS3Crypto, which I have no idea how to use. I've added the file to my AS3 Properties, but that's as far as I have gotten. The rest of AS3Crypto and its mysteries remain vague to me, and I am unable to find any useful information via Google.
I would really like to split the .swf into parts, having them in different areas to make it more difficult to reverse, but I am not too sure how effective that would be, let alone how to actually do it. In regards to the external class (terminology?), since I was unable to find how to implement it with my project, I thought of salvaging the functions from the reversed .swf I have found and adding them into my internal script. Even then, the package begins with public class $Base64 extends Object -- extends I assume simply adds additional functionality to objects, but I do not believe this is entirely necessary.
View 4 Replies
Mar 16, 2010
I've always found it very annoying that Flash takes over the write protection of files that have been used, and suddenly felt an urge to do something about it. I'm not sure if it always happens on all computers, but at least most of the time I can't rename a folder if a fla-file in it has at some point been opened in Flash and Flash is still running. So I have to close Flash in order to rename or move files.
View 2 Replies
Oct 24, 2010
1. When a person logs in, a PHP file makes an XML file of questions from the database.
2. The Flash application then calls for the XML file, reads from it and asks the question to the user.
3. This XML file also has the answers to the questions so that I can show them in my Flash application.
4. The problem: software like Tamper Data (a Firefox extension which gives you the power to view, record and even modify outgoing HTTP requests) gives the complete path of the XML file when it is called by the Flash application.
View 14 Replies
Feb 23, 2011
I wanted to find out how my intellectual property, such as graphic designs, photos, tween designs, etc. can be protected in a .swf Flash file. This is because there are .swf file decompilers which can very easily convert my files into .fla, and so access can be gained to my JPEG designs, photos, etc. Is there a best practice which can be followed whereby some form of security measures can be taken within Flash code, etc.? And if so, does anyone know what these measures are?
View 6 Replies
Aug 23, 2007
Using Flash, is there any way to detect the user's IP address as a means of identifying someone who tries to copy your work off the internet?
View 7 Replies
Oct 4, 2011
I'm building a networked client app with Flash Builder, and would like to be able to set environmental variables or #define's such as server's hostname and port. For debugging purposes I want to connect the client with different servers (and for other devs too). In C/C++ I'd define TEST_PORT=8888 or something in the IDE or build environment, that way I wouldn't need to commit a settings file along with the client. But not sure what's the standard for Flash Builder.
View 1 Replies
Apr 28, 2010
I have to implement Flash streaming for the relaunch of our video-on-demand system, but either because I haven't worked with Flash-related systems before or because I'm too stupid, I cannot get the system to work as it has to.
[Code]...
View 1 Replies
Sep 11, 2011
Is there any AS3/AIR library for Zip files with password protection support? Previously I checked FZip; it was great but it doesn't support encryption! There is also another library that works well, but it does not support encryption either.
View 1 Replies
Mar 16, 2012
Is there any way to set up individual Flash Access protection settings for each of several <Location /{url-path}> tags in httpd.conf in Apache? I have found in the documentation that EncryptionScope can be set to content or server. If I set it to server and use FlashAccessV2 as ProtectionScheme, how or where do I specify the Flash Access certifications and so on?
View 4 Replies
Jul 23, 2010
I am profiling some AS code by measuring wall clock time. In order to minimize the error I need to run the code for a long period of time. However, flash seems to protect itself from unresponsive scripts by throwing an exception after some period of unresponsiveness, namely: Error #1502: A script has executed for longer than the default timeout period of 15 seconds.
Is there any way to disable this protection, or at least extend the timeout period?
View 2 Replies
Mar 3, 2011
I'm looking for a really, really small Linux distribution, or a process for making my own, whose sole purpose is to get an AIR application to launch full screen and stay there. Essentially I'm building a home kitchen computer that runs entirely as an AIR app.
I have looked into using Windows XP and Windows XP Embedded, but they pose so many issues I figured I'd try modern Linux.
I have also seen TinyCore Linux, which looks interestingly small, but I'm not sure what issues that poses in regards to running AIR and "hardware" accelerated display. I've also thought about stripping down an Ubuntu installation, but I'm sure somebody must have done this already; Google is just failing me right now.
[Code]...
View 3 Replies
Apr 25, 2011
Feasible protection of my Zend_AMF gateway? I mean, how can I prevent someone from calling my service methods?
View 1 Replies
Jun 28, 2010
I have a (self-created) swf demo with a button triggering getUrl('SampleTargetPage.html'). Now I want to place the swf at our cdn at [URL] while my html page resides on [URL]. More structured:
[URL]
I thought it would be sufficient to provide a crossdomain.xml at cdn.example.com to make the links work. But: it seems like the Flash plugin never queries the crossdomain.xml at all! Now, is there something which I must add in the SWF itself to make this work?
edit: do I need to use Security.loadPolicyFile?
edit: Maybe I don't need the crossdomain.xml at all because everything's under [URL]?
View 2 Replies
Sep 2, 2010
I have a flash app hosted at The contents of that crossdomain.xml file are as follows:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
[code].....
View 2 Replies
Nov 3, 2009
I have a web service running in http://server/abc/service which is being accessed by Flash from a different domain. I deployed a cross domain policy file to http://server/abc/crossdomain.xml and made the Flash load it using: flash.system.Security.loadPolicyFile("http://server/abc/crossdomain.xml");
in the constructor of the main movie clip. However, when the Flash starts, it requests and loads this file (observed in Firebug), but then it also requests it from the root of the server (i.e. from http://server/crossdomain.xml) which does not exist. Subsequent HTTP requests don't work, reporting security cross domain errors. When I put the policy file in the root of the server, it all works. Why does it request the policy file from the root as well even though it loads it from the subdirectory? Why is the subdirectory policy file not enough?
I should also note that the two policy files are loaded before any application HTTP requests are issued.
View 2 Replies
Apr 28, 2010
I am trying to connect to a socket server from Flex. I read in Adobe's documentation that the client automatically sends a "request-policy-file" XML element to the socket before allowing it to be opened, and should receive a policy file.
The client sends the XML element as expected. My server receives it (on the port I want to use, port 6104) and replies on the same port with:
[Code]...
View 1 Replies
Aug 10, 2010
I am trying to build a YouTube player with Flash and every time I load a video, there is a runtime security sandbox error. I already put crossdomain.xml in my root server but I am still getting the errors. Am I missing something? Do I have to load it into my Flex project?
<!-- <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
[code].....
View 4 Replies
Oct 27, 2010
I have updated the crossdomain.xml security settings for my site - but it seems that the older version is being cached in both IE and Chrome. I've checked the headers sent by the server and it's not sending any cache control headers that would be forcing the browsers to cache crossdomain.xml.
In an attempt to get around the issue I've also linked to my crossdomain.xml file in an iframe on the site. This hasn't worked though and flash still seems to be using the old security settings.
View 2 Replies
Nov 2, 2010
How can I disable crossdomain.xml check when the executing swf has been loaded on localhost?
Error #2044: Unhandled SecurityErrorEvent:. text=Error #2048: Security sandbox violation: http://localhost:2541/xxx.swf cannot load data from http://www.com/xxx.swf.
I want to assign full trust to the HTML5 web application running locally. I want to disable any crossdomain checks.
Some external servers do not provide crossdomain.xml for their hosted SWF files.
I am running locally. I want to have full trust for debugging purposes.
How do I do that?
I will not consider AIR as it cannot be used from HTML5 application.
Adding the url "http://localhost:2541/xxx.swf" to "C:\Users\Arvo\AppData\Roaming\Macromedia\Flash Player\#Security\FlashPlayerTrust\u.cfg" did not help.
[URL]
View 3 Replies
Feb 7, 2011
How do I set the Flash crossdomain.xml file to only allow HTTPS SSL-secured connections? I have this but I think this will allow non-secure connections too.
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>
View 1 Replies
Apr 12, 2011
The player loads a flv video file seeon.flv from another domain. Currently, even without a crossdomain.xml on the server where seeon.flv is located, the video is loaded fine. This is not the behavior I want or expect. I also tried putting a crossdomain.xml with the following content:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="none"/>
</cross-domain-policy>
From Firebug, I could see that there's a request to the crossdomain.xml before accessing the video file (seeon.flv). It returns the content fine, with the Content-type of application/xml, but it still allows the cross domain behavior.
View 1 Replies
Aug 20, 2009
I am developing this video player: In the example above, the player is loading this start image, to display it before the playing of the video: Here, I then tell the player to load the same image, but on another domain: As you can see, it doesn't work anymore. I searched on Google and discovered that I theoretically had to add a crossdomain.xml, to make sure that there isn't a security protection that prevents the swf from loading images from another domain. So I put these two files on my different domains, to tell the swf to accept files from all * domains.
View 2 Replies
Aug 10, 2010
I'm building a Flash-based RSS reader, to be run on a kiosk, but it's getting tripped up by crossdomain issues. In the abstract: SWF loads local TXT file containing paths of remote RSS feeds (XML files), then loads the feeds stored at those remote paths.
[Code]...
I was under the impression that a single asterisk/wildcard in quotes would mean any domain could access content on that server. But it's not working that way. I've tried changing the Publish Settings to "Access Local Files Only," and "Access Network Only," to no avail. I've also tried adding all of the relevant files to the trust list in Macromedia's Global Security Settings page.
View 2 Replies
Mar 29, 2011
I am trying to get the RequestToken with flex from
[Code]...
View 3 Replies
Aug 2, 2011
I'm writing a web application using three-tier architecture. I have three Amazon EC2 Ubuntu servers. The first server handles the presentation of the application and includes my main Flash file. The second EC2 instance represents my application server. It contains the AMFPHP files and corresponding web services. Finally, the third instance handles persistence and is running a MySQL database. Both the presentation and application servers are running an Apache web server. I created security groups specific to each tier such that the presentation layer will accept all incoming traffic on port 80 while the application layer will only accept incoming traffic from the presentation server. This should allow anyone to request my web application from the presentation server but prevent anyone from accessing the web services on my application server. My Flash application cannot make web service calls to my application server. When a request is sent, I never receive a response from the server and eventually receive a security sandbox error. [code] It seemed odd that I wasn't receiving a response, so I decided to try a couple of things:
1. I connected to my presentation tier via ssh and attempted to use lynx to connect to my application server's gateway.php. I was able to connect without any problems.
2. I used Chrome's developer tools window to observe network traffic when loading my site. I found that it is attempting to load the crossdomain.xml file (which resides in the root of my web server [/var/www] on the application tier) using a GET request; but strangely, it times out and fails. This is where I am confused. How come I can use lynx on the same machine to connect to the web server on the application tier but yet the flash app can't access the same file?
While running some tests, I decided to open up the application server instance's firewall such that it can receive HTTP requests from my IP. As soon as I did this, the application being hosted on the presentation tier immediately began working (received a response from the web service)! However, this means I would have to force my application tier to accept HTTP requests from the internet in order to work, which is not something I want to do. I don't understand why making this change would allow the application to grab the crossdomain.xml file. If the application server's security group is set to accept incoming HTTP requests from the presentation security group, it should have no problem acquiring the crossdomain.xml file residing in the web server root of the application server, right? I've spent more time than I would like looking into this issue. I really would like to set up a three-tier environment for my application in which the Flash application will be able to send web service requests to my application layer. The most confusing part about this is the fact that when I add my computer's IP address to the application server's firewall, everything seems to magically work as intended. Please correct me if I am setting my application up in the wrong way. I am basing my architecture off of the following: URL..
View 1 Replies
Jan 9, 2012
I have a Windows Server 2003, with a domain: "mydomain.com" and everything goes right until the Flash application tries to load the crossdomain.xml, because it tries to load it from "servername" and obviously the request fails. Currently I have read all about crossdomain.xml, what it is, where it goes, although I cannot find what I have to do so my Flash application requests the crossdomain.xml from my domain "mydomain.com" and not from my server "servername".
- The domain is up and can be accessed from the internet
- The crossdomain is on the root folder and also can be accessed from the internet
View 2 Replies