Flex :: How To Add Security To Channel
Jul 7, 2011
I'm using an AMF channel. How do I add security to my channel?
I'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint. Here are the contents of the root crossdomain.xml:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies ="all"/>[code].....
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url]....... I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
I am encountering a weird problem. I have a Flex application that calls an HTTPService from another domain to retrieve some data. I have created a crossdomain.xml in my Flex application with <allow-access-from domain="*"/>.
When I run my application http:[url]...., I can retrieve the data without error. But if I run my application http:[url]....., I encounter the Channel.Security.Error.
I have an application running on Flex and PHP, connected using amfphp. I added a secure channel to services.conf of amfphp [code] How do I know if Flex is actually using this secure channel? I tried [code] from the PHP side and they are both false ... but if I remove these checks it works fine. I'm using WAMP, with mod_ssl, and working from localhost.
I need to connect to two different domains from a single Flex application. The problem is that the domain other than the current hosted domain is unable to log in. Let's say I hosted the application at the LOCAL server. I'm able to log in to the local server. From the existing application I need a login to the MAIN server too. The problem comes up here: Flash security is not allowing login to the MAIN server. In crossdomain we allow-access-from MAIN server, but I want access to the MAIN server from the LOCAL server. Is there anything extra I need to put in [URL]?
I tried to deploy my otherwise working Flex app on a web server (Tomcat 6). It threw a Channel.Security.Error. After some research, I became aware that a flash movie loaded from flash_movie_domain will not be able to load resources from any other domain. Some suggested adding a crossdomain.xml. However, the crossdomain.xml route doesn't quite make sense. In this case, I am loading resources from a third party web site. My understanding is that I need this third party website to include a crossdomain.xml in their root directory in order for the app to function. The third party web service is provided as is. I will not be able to change what's given. Since the third party is providing public access, it already explicitly gives permission to the general public. Adding a crossdomain.xml to their root seems to be a redundant act?
If you subscribe a Consumer in Flex, you need to assign a ChannelSet to the Consumer. In my case, I create a ChannelSet and then add a Channel to that ChannelSet. Apparently, the added channel is the current channel of the ChannelSet. But what if I would add two Channels to the ChannelSet? Do I need to set the currentChannel before subscribing? If there are two channels in the ChannelSet, and I trigger the login method on the ChannelSet, will both Channels be authenticated and connected?
I have a swf which, for some reason, has four RemoteObjects pointing to the same ChannelId, but they are listing that channel as being at two different spots. In four of the five RemoteObjects, everything behaves as expected, but in the fourth (WidgetService), the version on dev is switching from dev.context.root to loc.context.root. To make matters more confusing, it only does this on the dev server (QA and production are fine, as are local builds). The relevant information from the config files follows:
#This is from build.properties, which is used by Ant
#to build the swf on the server
flex.sdk.dir = /path/to/sdk/flex_sdk_3.2.0.3958
[code].....
I'm using NetConnection, NetStream and a flash.media.Video control to play back video files stored on the local machine. Works great for FLVs, and for H.264-encoded MP4s, but for non-H.264 MP4s, I often get audio, but no video.
I realize this is to be expected. What I'm wondering is whether there's a way to reliably detect that the video portion of the file is unplayable, irrespective of the audio. Of the many events available in NetStream, and even in the client callbacks (onMetaData, etc.), I don't see anything that explicitly informs for an unplayable video track -- I see NetStream.Play.NoSupportedTrackFound, and NetStream.Play.Failed, but for these videos -- i.e., playable audio, non-playable video -- I don't get either one, presumably because the audio works.
I am using Flex and PHP to develop my project. Everything works great on my local machine. However, when I upload my files to my server I got the error when loading my Flex application. The pop-up error message is
send failed
channel.connect.failed.error
Netconnection.call.Badversion: url:
[code].....
I have made a little mashup mixing maps, translate api and flickr. I get the directions from my map and make mp3 files on the fly to play them at the same time but they only play in firefox and for the rest of the browsers I only get my first sound channel with background music. can't figure out why.
[Code]...
I'm developing a chat system and I need to detect the FlexClient disconnect in Java, using the longpolling channel. I can't use the Streaming channel, because of some bugs that this kind of channel still has. Do you have any suggestion on how I could accomplish this? I'm using BlazeDS.
I am connecting to a BlazeDS server with a simple Flex component that is merely trying to subscribe to realtime data. Here are the Channels and Consumer:
<mx:ChannelSet id="channelSet">
<mx:AMFChannel url="http://localhost:8080/MyApp/messagebroker/streamingamf/"/>
</mx:ChannelSet>
[code]....
I have implemented the login capability in my application using Flex (BlazeDS) channelset login. But there is a strange problem: after about 2 minutes of inactivity, if I try to perform any operation I see that my channelset has been forcefully logged out. Is there some configuration which I need to do in order to prevent this from happening? I tried adding this in my web.xml, so that the session persists, but it didn't help my cause.
<session-config>
<session-timeout>10</session-timeout>
</session-config>
When I do this locally on a Tomcat server on my local development machine it works fine. When I brought it over to Linux I'm getting this error. I don't know what to do anymore. It should be straightforward but I'm having no luck. I do have a web.xml and I see a broker for my remote access, so I just don't know what it could possibly be.
I am getting a strange problem while I am making my release build swf. The swf is supposed to make some internal server calls and then display the data and also play it. When I make a release build swf and execute it, while making server calls it throws exceptions like SecurityErrorHandler: [SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2170: Security sandbox violation: file:///Path to the swf/WebPlayer.swf cannot send HTTP headers to **Method Name to bring data from the server***] And after this nothing can be done as everything depends on the data from the server. I have updated my cross-domain.xml on the server to support the master-only policy file but that also didn't .. My cross-domain.xml is
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
[code]......
I haven't fully grasped how the Flash security model works, and now I've run into a problem. I have a base SWF that loads a game loader swf, which in turn loads the actual game. What I'm trying to do is take a current bitmap snapshot of the running game. This works fine before the loader swf has loaded the game. When the game is loaded, I get a security violation because the game has images pulled from Facebook. Is this something that can be solved on my end, or restricted by security in the game swf?
How can I set up crossdomain.xml for my Flex project? This is my crossdomain.xml:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
[code].....
I've tried lots of different methods but my project sends the error message "Security error accessing url Unable to load WSDL. If currently online, please verify the URI and/or format of the WSDL [URL]"
I put the file in different places:
C:\wamp\www\MYPROJECT\bin-debug\crossdomain.xml
(my swf url: http://localhost/bin-debug/test.html; checked http://localhost/bin-debug/crossdomain.xml, it's OK)
C:\wamp\www\crossdomain.xml
I added the load line to the project:
protected function application1_initializeHandler(event:FlexEvent):void
{
Security.loadPolicyFile("http://localhost/MYPROJECT/bin-debug/crossdomain.xml");
}
If the Flex server type is set to none, everything is OK, but if the server type is set to PHP it needs crossdomain.xml. How can I fix this?
I am trying to load external SWFs in my Adobe AIR app. The loaded SWF is trying to access a URL to retrieve some information via XML. When starting the SWF by itself it works fine. When loading the SWF from the File.applicationStorageDirectory I get a security error because the loaded app is apparently executed in a local-with-filesystem sandbox. First question: Is there a way to change this, so that the loaded SWF is running in a network sandbox?
Since that first attempt didn't work I've moved the SWF to the app:// directory. Now I get a security error because there is no policy file available on the server where the XML data should be retrieved. Second question: Why is the policy file not necessary when running the SWF by itself, but necessary when trying to load the data from the application sandbox? What am I doing wrong?
I made a swf that interacts with another site on the internet (which has a crossdomainfile for me). In the main.mxml there is a definition of a webservice (mx:WebService) (which is not in my domain). Therefore when loading the swf, there is a first call to crossdomainfile.xml. I put this swf on my server so that my clients can get it.
When I connect to my server to download the swf, I expect to be asked if I want to allow the swf to connect to the foreign webservice domain. Do I always need to define an exception in the Global Security Settings panel? I don't want my clients to define special things. Is there a best practice for that? Why can other swfs do this when I am surfing the net? I read about FlashPlayerTrust; can I define there a website I trust my swf will connect to?
I am very new to Flex. I have created a simple login page in Flex and created a web project in Eclipse having a JSP page. I have put that JSP page in Tomcat webapps. Now when I run the login application from Flash Builder it runs fine, as I have given the IP e.g. [url]... and am passing it as a url in HttpService, and it worked fine. But when I put my login.swf file in webapps, in the same folder where that JSP resides, and run e.g. [url]... it displays the page, but when I click on the login button it gives me this error: "Security error accessing url"
I have a project which loads different info from xml files. Everything was working well until something happened one hour ago... Flex started to refuse to load any kind of information from outside files, no matter where they are stored, on the server or in the same directory. When I say Flex I mean when inside Flex I press Run or Debug. It just stops working... I mean throwing an error about a security sandbox violation. It also appeared that this is not for one Flex project, but for all the Flex projects I have.
How can Nginx serve a crossdomain.xml file to a Flash/Flex program? Basically I need to make nginx respond to:
perl -e 'printf "<policy-file-request/>%c",0' | nc 127.0.0.1 80
with
<cross-domain-policy>
<allow-access-from domain="*" secure="false" to-ports="*"/>
<site-control permitted-cross-domain-policies="master-only" />
</cross-domain-policy>
As we can see, the request is not a valid http request (amazing what adobe engineers have done!). I tried to use $request_method inside the nginx configuration file but no success yet,
I have a Flex frontend connecting via RemoteObject to Zend Framework's Zend Amf. This is my only means to transport data between the client layer (Flex) and the application and persistence layers (LAMP with Zend Framework). Some ways I can address security are as follows:
I can address TLS by using mx.messaging.channels.SecureAMFChannel in my services-config.xml file and ensuring Flash player is loaded into a HTTPS wrapper and is in fact using HTTPS, since the AMF protocol is layered on top of HTTP.
RemoteObject has a setCredentials method with which I can pass AMF authentication headers to protect user related data. Assuming TLS was actually secure I can expose methods on the endpoint after authenticating the User.
I can protect against cross-site scripting and other FLASH vulnerabilities with a properly set up crossdomain.xml.
How do I protect my endpoint against another AMF consumer? For instance, if there were another AMF consumer (not Flash so not bound by crossdomain.xml and Flash sandbox security) other than my Flex client that knew my endpoint, what would stop it from using methods that the endpoint exposes?
As far as I know I essentially need a way to authenticate my Flex application against my Zend Amf endpoint. After AMF consumer authentication, I have some of the security mechanisms I mentioned above to protect certain pieces of data (like User authentication). I can not embed some sort of authentication mechanism into my Flex swf because the swf is vulnerable to decompilation (the swf can not be trusted). While sensitive data is protected via User authentication the unprotected data is hardly public but as far as I can tell is totally open for public consumption.
I am creating a TextField in my Flash application, but when I start to write something the following error is written to the trace:
* Security Sandbox Violation * SecurityDomain xxx tried to access incompatible context yyy
I've got the Spring Security preauthentication sample configured and working with JBoss. The next step is to somehow get the user information into a flex client GUI. What are some methods that will let me get the Authentication or UserDetails object that's created by spring-security on http access into the flex client? Since I'm logging in externally, I can't use channelset.login(), right? All the examples I've seen so far assume that the user logs in manually through the flex client, but the requirement is for container-based authentication. Using flex3, spring 3.0.4, spring-security-3.0.3
When I try to request a token from Twitter: [code] The weird thing is that it doesn't happen when I run my app in Debug mode (from Flash Builder); it just happens when I call my application from localhost:3000 (as I'm using Rails)!
Is there a way to detect this in Flash?
I am developing a Flex application for mobile devices. This application will sync customer data down from an API to the mobile device. But once on the device I plan to hold it in a SQLite DB. How can I secure this data? I know that I could hash it but I guess that someone would be able to decompile the application and get the hash key. I am new to Flex and mobile development.
I had this error in a Flex application that I couldn't figure out. Every time the app attempted to access the Web Service it returned the error Security Error Accessing URL.