Flex - Security Behaviour In Adobe Air?
Apr 15, 2010
I am trying to load external SWFs in my Adobe AIR App. The loaded SWF is trying to access an URL to retrieve some informations via XML. When starting the SWF by itself it works fine. When loading the SWF from the File.applicationStorageDirectory i will get an Security-Error because the loaded App is executed in a local-with-filesystem Sandbox appareantly. First Question: Is there a way to change this? That the loaded SWF is running in a network Sandbox?
Since that first attempt didn't worked i've moved the SWF to the app:// directory.Now i'll get a Security-Error because there is no policy file on the Server available where the XML data should be retrieved. Second Question: Why is the policy file not necessary when running the SWF by itself, but is necessary when trying to load the data from the application Sandbox? What am i doing wrong?
View 1 Replies
Similar Posts:
Oct 23, 2011
No matter what I do, my transitions won't work as expected. I'll explain the issues and then place the code at the bottom. There are 4 States in my application.
goButton is present only in "State1" and "State2". State1 and State2 are nearly the same, but the y property of the goButton is diffrent in each. So I've made a little transition that moves the Button back and forth. Good so far.
However, both "State1" and "State2" can also be Transitioned to "State3". But there's no goButton in "State3", so I've used the <s:Fade> and the <s:RemoveAction> effects to get rid of it.
[Code]...
View 3 Replies
Jul 19, 2011
An Adobe FLEX 4 object loads from a webpage and runs in the browser. The connection between browser and server is secured using SSL over HTTP (HTTPS) with a secure certificate from a valid Certificate Authority.
Can FLEX code read the secure certificate information and retrieve information such as to whome the certificate was issued, when it is valid, and for what domain it was issued, etc. ?
View 1 Replies
Dec 4, 2009
I am building a photography web site with flash and I found a really cool slide show extension plug in (www.slideshowpro.com) were can easily upload and update my portfolio slide shows.when I publish out to HTML, I test it in a browser and I get this warning when I click on the photography page.I read in adoby help and it said flash developers can allow communication between sites with this AS code Security. allowInsecure Domain ("nathan44. slideshowpro.com");so I added this code to my actions layer on the firs frame in "scene 1" and to the actions layer in the photography section. But nothing changed i still get this warning when ever I publish out to an HTML, when I just preview with control + enter i can view the sideshows fine.
View 4 Replies
Mar 9, 2011
I've faced such situation. I've used to program in C#, and such code:
[Code]...
was asking both, condition1 and condition2 to be true (the case when they both are giving false and the end-result is true, could be achieved in other way). In Flex, same code would perform "some actions" if the both conditions are false. I just was wondering if is there any chance to make it break after finding first false in a queue, or I have no choice and should write nested if's?
View 2 Replies
Jun 22, 2011
I have at least one user that has received an "Adobe Security Updates" e-mail from Adobe stating, "A critical vulnerability has been identiied in Adobe Flash Player and Adobe Reader". I say at least one user because only one user has forwarded this message to my CIO.Now I know that my user is not running the latest version of these two applications.I can fix that.What I want to know is, why is he getting this e-mail?Anyone know who at Adobe I should contact to find out why?Is this because Adobe somehow knows that he's not running the most current version?Or is it just something that Adobe sent out because it seemed like a good idea at the time.
I push Adobe Flash Player, Adobe Shockware Player, and Adobe Reader when I install Windows 7, and autoupdates are disabled as part of the installation process.I'd rather handle the patching myself so I have a better feel for what is going on across my network.This user was upgraded from Adobe Acrobat 9.x to 10.x.That upgrade was performed manually be someone else.I wonder if THAT is why my uses is receiving this email?
View 2 Replies
Dec 7, 2011
i just wanted to say that there is a security lack with the HTML Protection.If you have a domain e.g.and you protect your rtmp streams with html protection, you can steal streams like this if you know the swf path:Then you can steal easily streams.Asolution is to not allow all subdomains automatically when you enter a domain in the allowedHTML~.txt file. Then you could create a subdomain for the player,
View 1 Replies
May 27, 2010
I am building a Audio Recording tool using Flash and Wowza. I dont want to start the recording until the use clicks the Allow Button is the Security Pop-up question represented here [URL] In Audio I dont get this until I attach the stream to it. In Video can get thsi question when I attach the camera to Video.
I want to avoid making a connection until the user clicks Accept and this doesn't happen until I make the connection request in Audio. I am able to display the [URL] pop-up using SecurityManager Is there a way I can call the pop-up from my code. [URL]
View 1 Replies
Feb 20, 2012
I have the following xml declaration:
public var reqData:XML = <root>
<Requirement ID="REQ-GEN-0.1" title="exigence gen 1" description="blabla 01" testable="true"/>
[code]....
View 1 Replies
Apr 30, 2009
This Adobe Flash Player Security box is really getting in my way. I have a button that acts as a lind to a web page It has this bit of code programmed to it:
button.addEventListener(MouseEvent.CLICK,buttonCli ck);
function buttonClick(event:MouseEvent):void {
var req:URLRequest = new URLRequest('http://...");
navigateToURL(req);
}
Can anyone tell me if calling navigateToURL() causes this security box to appear every time if you havent trusted this .swf in your flash settings? i have looked at a way to handle the "link" with javaScript but before I get too deep into something I'm not too familiar with I wanted to see if there was a way to here within flash while avoiding the flash security box.
View 1 Replies
Sep 15, 2011
I created a custom layout for a list, to be used on a mobile (android). I used this as example : [URL], using virtualization. Now the problem I have is with scrolling : when scrolling to the bottom of the list, there seems to be always a "bounce back", as if the list would have reached and as if the bounce/pull effect is taking place. But in fact the list has not reached the end at all, in fact I can not even scroll to the last element in the list. When going back from bottom to top, there's no problem at all.
I trace the top and bottom of the Scrolling Rectangle (Rectangle.getScrollRect) and there I can see that when scrolling down, the top and bottom parameters increase, but when releasing the touchscreen, all of a sudden the parameters decrease again with a certain amount, and so never reaching the end of the list. All my code is available on google project hosting : [URL]
View 1 Replies
Dec 20, 2009
I'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.Here are the contents of the root crossdomain.xml:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies ="all"/>[code].....
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url].......I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
View 1 Replies
Feb 22, 2011
I have a swf, loaded into the non-application sandbox in Adobe AIR 1.5 (the shell is already installed with our users so I can't update to version 2+).On the stage in the swf are buttons, movieclips, animations etc - all of these work fine.When we add an input TextField, selecting this TextField causes a Security Sandbox Violation. Error message (in debug mode) is (I've edited the actual file names):
[trace] *** Security Sandbox Violation ***
[trace] SecurityDomain 'file:///path/to/local/loaded.swf' tried to access incompatible context 'app:/loadingApp-debug.swf'
[code]......
View 1 Replies
Mar 21, 2011
Multiple axis creation via MXML works fine:
http:[url]...
But when I'm trying dynamically create horizontal and vertical axis then I'm getting extra axes. I believe this is Adobe bug. How I can fix this behavior?
<?xml version="1.0" encoding="utf-8"?>
<s:Application
minHeight="600"[code].....
View 2 Replies
Feb 12, 2010
I have some shared code between an Adobe AIR App and an Adobe Flex App.
On one line of this code, the program must behave differently depending on if it is running within the Air runtime, or the Flex runtime.
How can I programmatically detect the difference?
View 1 Replies
May 19, 2009
I am getting a strange problem while I am making my release build swf.The swf is supposed to make some internal server calls and then display the data and also play it.When I make a release build swf and excute it, while making server calls it throws exceptions likeSecurityErrorHandler: [SecurityErrorEvent type="securityError" bubbles=falsecancelable=false eventPhase=2 text="Error #2170: Security sandbox violation:file:///Path to the swf/WebPlayer.swf cannot send HTTP headers to **Method Name to bring data from the server***]And after this nothing can be done as everything depends on the data from the server..I have updated my cross-domain.xml on the server to support the master-only policy file but that also didnt ..My cross-domain.xml is
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
[code]......
View 5 Replies
Apr 17, 2009
I haven't fully grasped how the flash security model works, and now I've ran into a problem. I have a base SWF that loads a game loader swf, which in turn loads the actual game.What I'm trying to do is taking a current bitmap snapshot of the running game. This works fine before the loader swf has loaded the game. When the game is loaded, I get a security violation because the game has images pulled from facebook. Is this something that can be solved on my end, or restricted by security in the game swf?
View 2 Replies
Apr 7, 2011
How can i settings crossdomain.xml my flex project.* this is my crossdomain.xml.
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
[code].....
I've tried lots of different methods but my project send error message "Security error accessing url Unable to load WSDL. If currently online, please verify the URI and/or format of the WSDL [URL]"
put the file in different places
C:wampwwwMYPROJECTin-debugcrossdomain.xml
(my swf url : http://localhost/bin-debug/test.html checked http://localhost/bin-debug/crossdomain.xml its ok)
C:wampwwwcrossdomain.xml
I added the load line of the project
protected function application1_initializeHandler(event:FlexEvent):void
{
Security.loadPolicyFile("http://localhost/MYPROJECT/bin-debug/crossdomain.xml");
}
if flex server type select none everythings ok. but server type select PHP need crossdomain.xml how can i fix.
View 1 Replies
Jul 6, 2010
Apply the security patch found here:http:[url]............For more information see the followingresource:CVE: 2009-1365
View 1 Replies
Jul 7, 2011
I'm using a Amf channel , How to add security to My channel..
View 2 Replies
Jun 23, 2011
I have a flash component written in flex which reads a xml file and shows up its data. This works fine in IE and Chrome, but not in Firefox.When i used fiddler to check for the problem, it started working fine.And now i have come to the conclusion that when fillder is running in the background and i access the flash component it works fine (reads all the xml data and shows it up), but when i close fiddler and do the same....i get the following error, "Error reading {myfilename} file."
View 2 Replies
May 31, 2010
I made a swf that interacts with other site on the internet (which has a crossdomainfile for me).in the main.mxml there is a definition of webservice (mx:WebService)(which is not in my domain). Therefore when loading the swf, there is a first call to crossdomainfile.xml.I put this swf on my server so that my clients can get it.
When i connect to my server to download the swf, i expect to be asked if i want to allow the swf connect to foreign webservice domain.Do i always need to define exception in Global Security Settings panel?I don't want my client do define special things..Is there a best practice for that? Why when i surfing the net other swf can do this? I read about the FlashPlayerTrust, can i define there a website i trust my swf will connect to?
View 3 Replies
Feb 15, 2011
I am very new to flex, i have created a simple login page in flex and created a webproject in Eclipse having a jsp page. i have put that jsp page in tomcat webapps. Now when i run an application of login from FlashBuilder it runs fine as i have given the ip e.g [url]... and passing it as a url in HttpService and it worked fine. but when i put my login.swf file in webapps same in that folder where that jsp resides and un e.g [url]... it displays the page but when i click on the login button it gives me with this error "Security error accessing url"
View 2 Replies
Sep 10, 2009
stop();
import fl.events.DataGridEvent;
function endEditHandler(evtObj){ trace(DataGrid_Main.getItemAt(evtObj.rowIndex)
[code].....
View 7 Replies
Jun 19, 2009
I am making a input field for keywords, and while the users writing I'm displaying suggestions for keyword on a list underneath the caret position.The input field is single line, so I am using the arrow up/down key to select a suggestion and Enter to insert it.And it's mostly working, with the big exception that the up/down key also changes the caret position to the begining/ending of the TextField.
I've tried using preventDefault() and stopImmediatePropagation() in the KeyboardEvent.KEY_DOWN event listener that I also use to change the selected suggestion, but that does not change anything.I checked the carret has not yet moved when KeyboardEvent.KEY_DOWN event is fired, bu visually I can see that it is being move before key is released (key up).
View 4 Replies
Sep 30, 2010
I have several two-sided ecards made with Papervision and TweenLite to flip them over.A couple of days ago the "flip" animation changed behaviour. This is in ecards I made several months ago. The ecards work OK but the PPV object is not positioned correctly.On the server, in IE the object is displaced to right and down by about 20 px. In FF it is displaced to up and left by about 10 px.In Chrome and Safari the display is OK.(Just to confuse you further, the display in FF is OK on my localhost).This effect seems to be local to my PC.
I have scanned for malware etc twice but nothing. I have the latest Flash player and browsers.
View 1 Replies
Jul 31, 2009
I have a project which loads different info from xml files. everything were working good until something happened one hour ago... Flex started to refuse to load any kind of information from outer files... no matter where they are store, on server or in a same directory. When i say flex I mean when inside flex i press Run or Debug. He just stops working... I mean throwing error about security sandbox violation. It's also appeared that this is not for one Flex Project, but for all Flex Projects what i have.
View 4 Replies
Nov 22, 2009
How can Nginx serve crossdomain.xml file to a flash/flex program. Basically I need to make nginx to respond to:
perl -e 'printf "<policy-file-request/>%c",0' | nc 127.0.0.1 80
with
<cross-domain-policy>
<allow-access-from domain="*" secure="false" to-ports="*"/>
<site-control permitted-cross-domain-policies="master-only" />
</cross-domain-policy>
As we can see, the request is not a valid http request (amazing what adobe engineers have done!). I tried to use $request_method inside the nginx configuration file but no success yet,
View 3 Replies
Jan 15, 2010
I have a Flex frontend connecting via RemoteObject to Zend Framework's Zend Amf. This is my only means to transport data between client layer (Flex) and the application and persistence layers (LAMP with Zend Framework).Some ways I can address security are as follows:
I can address TLS by using mx.messaging.channels.SecureAMFChannel in my services-config.xml file and ensuring Flash player is loaded into a HTTPS wrapper and is in fact using HTTPS since the AMF protocol is layered on top of HTTP RemoteObject has a setCredentials method with which I can pass AMF authentication headers to protect user related data. Assuming TLS was actually secure I can expose methods on the endpoint after authenticating the User.I can protect against cross-site scripting and other FLASH vulnerabilities with a properly set up crossdomain.xml how to I protect my endpoint against another AMF consumer? For instance, if there were another AMF consumer (not Flash so not bound by crossdomain.xml and Flash sandbox security) other than my Flex client that knew my endpoint, what would stop it from using methods that the endpoint exposes?
As far as I know I essentially need a way to authenticate my Flex application against my Zend Amf endpoint. After AMF consumer authentication, I have some of the security mechanisms I mentioned above to protect certain pieces of data (like User authentication). I can not embed some sort of authentication mechanism into my Flex swf because the swf is vulnerable to decompilation (the swf can not be trusted). While sensitive data is protected via User authentication the unprotected data is hardly public but as far as I can tell is totally open for public consumption.
View 2 Replies
Aug 17, 2010
I am creating a TextField in my flash application, but when i am starting to write something the following error in written to trace:
* Security Sandbox Violation * SecurityDomain xxx tried to access incompatible context yyy
View 1 Replies