PHP :: Process AJAX Requests More Securely?
Mar 19, 2010
I want to send AJAX requests to my website from my Flash games to process data, but I don't want people downloading them, decompiling them, then sending fake requests to be processed, so I'm trying to figure out the most secure way to process in the PHP files. My first idea was to use Apache's built-in Authorization module to require a username and password to access the pages on a separate subdomain of my website, but then you'd have to include that username and password in the AJAX request anyway so that seems kind of pointless to even try.
My current option looks pretty promising but I want to make sure it will work. Basically it just checks the IP address being sent using REMOTE_ADDR to make sure it's the IP address that my server runs on.
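<?php
// IP addresses that are allowed to call this script
$allowed = array("64.120.211.89", "64.120.211.90");
if (!in_array($_SERVER['REMOTE_ADDR'], $allowed)) {
    header("HTTP/1.1 403 Forbidden");
    exit; // stop processing the rejected request
}
?>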
Both of those IP addresses point to my server. Things I'm worried about:
1) If I send a request from Flash/ActionScript, will that affect the IP address in any way?
2) Is it possible for malicious users to change the IP address that is being sent with REMOTE_ADDR to one of my IP addresses?
View 3 Replies
Similar Posts:
Dec 4, 2009
The main top section of the site is a little Flash thing that has buttons as links to different areas of the site. All of that is well and good, but whenever I click those links, it has to reload the entire page (including the Flash app) when only the bottom part changes. This isn't really a huge issue, since everything's real small, but it's kind of annoying.
I vaguely remember "fixing" this behavior using AJAX during my web programming class, but that was just straight HTML and Javascript, no Flash players to muck around with.
My question is, how do I overcome having to reload the entire page when someone clicks a link from the Flash object? Is there some nice way I can call something other than getURL() to achieve this effect?
View 2 Replies
Sep 14, 2010
I have a Flash based game for the browser which sends users' scores to a php backend script which stores the score and the user id in the database.
Now I have a url like www.example.com/update.php?score=200&uid=234
The problem is that this is very much exposed to an intelligent user, and he can use this url to store whatever score he wants in the DB. Also there's no real user authentication, and I don't intend to have one either, because it's really a tiny game.
How can I stop someone from calling the above url and updating his score on his own?
View 2 Replies
Aug 28, 2010
I'm interested if there is some tool (preferably a firefox addon) that allows you to record http requests and view their response header and content.
View 3 Replies
Jul 19, 2011
In terms of HTTP request performance should I pick AJAX or Flash? To be more specific, I'm more into Flash than AJAX and I'm currently working on a wide scale web project. I wanted to try AJAX out for once and now it's getting too messy for me. Before it gets more complicated I thought maybe I can run Flash in the background for HTTP requests and use it with JavaScript. I couldn't find any benchmark on the Internet, but I think AJAX is faster than Flash. So what's your personal experience? Is there too much difference between Flash and AJAX?
View 4 Replies
Feb 21, 2011
I have problems with a Facebook application based on Flash which communicates with PHP using FBJS-bridge.
When someone uses the application for the first time, he/she is asked for various permissions. After that, Flash contacts PHP with AJAX but the request is never sent. When you refresh the page, everything works without any problems.
If you remove the application in privacy settings, refresh the page and try again - the same bug happens.
If you allow the application, refresh the page, remove the application in another tab and start the application in the previous tab - the user is asked for permissions but everything works after allowing the application.
This is the FBJS code:
function openPermissions(){
Facebook.showPermissionDialog(/*permissions string*/, permissionOnDone);[code]......
openPermissions is called to display permission dialog, and on allow flash function allow() is called. In flash, allow() calls JS function ajaxCall(), which should make ajax request. But, ajax.post never sends request. I know that for sure, because flash function parseAjax was never called and also debugging tools in browsers are not showing any ajax requests. URL and parameters are same as when it is working. No flash or JS errors are detected...
View 1 Replies
Oct 1, 2011
I need to pass private data from MySQL to a Flash file securely. I have a PHP script that is assigning variables on the server side - how do I pass this to Flash without it being available publicly? I assume XML and an HTTP query string are out of the question because of security. What's the most secure way of doing this? Basically I have some file paths that I need to load into a music player - however, I don't want these URLs to be publicly known. I was hoping I could pass data directly to Flash securely somehow.
View 2 Replies
Jul 31, 2011
I have developed a Facebook application in which I am sending data from Flash to PHP. It's actually a game based on Flash 8 and at the end I send data by using loadVarsNum() using POST method to flash, but the problem is this data can be easily tampered with, so I want to know how I can secure my data from theft or any hack.
View 2 Replies
Mar 27, 2012
I'm creating a game for a viral marketing campaign where roughly one in 100 players will get access to a QR code for some exclusive thingamajig. The game will require information to be pulled and pushed from the database since the game environment will 'grow' over time.
I haven't decided yet on how to do this, but I had 2 ideas, each with their concerns:
solution 1: connect the SWF to a database
concern: I have decompiled SWF's before and it is remarkably easy. How do I protect my database credentials against this?
solution 2: have the SWF connect to .php scripts that query a database. This way my database connection credentials are safe inside the php file.
concern: However, how do I then make sure the PHP script isn't being accessed by a custom script? Somebody could get the php URL from the SWF source and just access it directly, bypassing the flash app.
View 2 Replies
Feb 3, 2007
I have an already built Flash mp3 player. It works fine, but the client wants the mp3s inaccessible to users except through the player.
We currently have the mp3s themselves in folders inaccessible via HTTP using .htaccess. We bypass this by loading the mp3s via a PHP script (using file_get_contents()). However, if a user accesses the path of the PHP script, they will be prompted to download the mp3 anyway.
Does anyone know the method by which sites like MySpace securely load mp3s?
View 3 Replies
Apr 23, 2008
I have developed a Facebook application in which I am sending data from Flash to PHP. It's actually a game based on Flash 8 and at the end I send data by using loadVarsNum() using POST method to flash, but the problem is this data can be easily tampered with, so I want to know how I can secure my data from theft or any hack.
View 1 Replies
Oct 15, 2006
OK, so when I need to connect a SWF to some sort of data source on the server, be it XML, a .NET DLL, a CFC or whatever, so that I can load data from a database or whatever, everyone is always saying that I shouldn't hard code the connection string into my ActionScript as anyone can get it and do malicious things with it. So how should I load the connection string into Flash? If I put them on the server in an XML file or something like that, then I still need to put a connection string into the ActionScript in order to load my main connection strings into the ActionScript.
Basically I need to know how to load an external string into a SWF without anyone else being able to get hold of that string for themselves. I am developing an app for someone and I need it to connect to a database and I need it to be secure. I have everything sorted except making the connection string to the database unstealable.
View 1 Replies
Feb 7, 2011
I want to make sure that only authenticated users are publishing streams to my Adobe Flash Media Server.
Ideally I would like to limit the IPs which are allowed to publish streams to the server.
I read about the Adobe Authentication Plugin, but apparently it is broken since it works only for Adobe Flash Media Live Encoder. It doesn't secure the server for other encoders that publish streams.
View 1 Replies
Feb 15, 2011
Here's what I want to do: when a player wins a game (coded in flash/actionscript), they are given a personalized secret key, which they can email to me in exchange for a prize. I can then validate the key on my end using a private algorithm. I need to design it so that it is practically impossible for hackers to generate a valid prize key without winning the game.
I assume that any SWF file is basically vulnerable to decompilation, but I don't know exactly how vulnerable they are. Perhaps any algorithm for generating a valid key will be accessible to hackers? I have at my disposal all the methods in actionscript 3, as well as a PHP/MySQL server, and I control the server where the game will be hosted.
View 5 Replies
Jun 30, 2010
I have a SWF (Flash file) that is making HTTP requests.
Which is the easiest way to see what requests the Flash application is making?
P.S. I do not have the program as a fla file
View 4 Replies
Oct 11, 2011
Unfortunately, Flash Player doesn't support using request headers with GET requests, as noted here, due to what Adobe terms "browser limitations": Due to browser limitations, custom HTTP request headers are only supported for POST requests, not for GET requests. That means I need to create my own HTTP socket class from scratch and find a way to run a policy server on the machine I'll be querying. Hooray.
If I want to make a simple GET HTTP request with HTTP-Basic auth headers, what do I need? I'd need something like
socket.write("HTTP GET REQUEST PAYLOAD HERE");
socket.flush();
What do I put in the write method to compose a GET request?
View 1 Replies
Apr 3, 2009
Can Flash Player listen to PHP requests (without specifying from which PHP file the requests are arriving)?
In other words, I need a listener for php events. Maybe with the help of javascript?
View 6 Replies
Jan 2, 2011
I'm having 5 button MCs (btn1-5 with animation) in a navi MC; also there is a contentHome MC where all my content is. Above my content is a mask which fades the content in and out again.
So now I'm trying to tell every button what to do; here's the code I'm using, e.g. btn1, which is the home button.
[code]
But for some strange reason it's not really reacting to my bio, music, and gallery commands; it keeps running the last command (booking).
I must admit I just started using if-commands and all that stuff so I'm kinda new to these things, but I think Flash only reacts to the last command and deletes the others, because I did something wrong in my code writing, but what is it?
View 1 Replies
Nov 17, 2009
I am developing an AIR application with Flex Builder that requires me to make two HTTPService requests at the same time. They both use different instances of the HTTPService AS3 class. Both services are calling a RESTful API which is currently running on my localhost (XAMPP) and takes a few seconds to respond (much quicker on live server). The problem is that most of the time one of the calls fails, however occasionally they do both work. It's also random as to which call will fail. Both calls use code something like this. This code is basically repeated in two classes.
[Code]....
View 3 Replies
Feb 19, 2010
I have a Flex client that loads data from a server to display a chart. This data may change, so the client regularly repeats the request. Since the result may require some work to retrieve, I'm going to have the server detect if the result has changed, and issue a 304 status if it hasn't.
I haven't seen any headers in the Flash Player's requests which would indicate that it's already handling conditional GETs. Also, the HTTPService API doesn't seem to provide anything, either. Does that mean, Flash can't do this, or how can I implement this myself?
With regards to cookies, which aren't supported in Flash, I have heard the suggestion to build my own HTTP client on top of the Socket class. This might solve this issue, too, but frankly, I'm really not keen on doing that.
As an alternative, I could just cache the result page and send it again, but so far, the API tries to utilize semantics that are already built into HTTP, and I'd like to keep it that way.
View 2 Replies
Sep 13, 2010
I have a big loop in actionscript that sends lots of data to an url:
for(var i=0;i<1000;i++) {
var request:URLRequest = new URLRequest();
request.url = url;
request.method = URLRequestMethod.POST;
request.data = data;
var loader:URLLoader = new URLLoader();
loader.load(request);
}
The problem is that because URLLoader can make only asynchronous calls, it sends all those thousands of requests at once, which kills the webserver. Also it acts a bit strange on top of that. Let's say the loop is running for 5 minutes. For the whole 5 minutes there are no requests coming to the web server, then at the end they are all sent at once. I already tried everything I could possibly think of (empty loops, callbacks, delays) - nothing works. All requests are sent at once no matter what. How can I make requests synchronous, so it will send one request after another?
View 1 Replies
Oct 7, 2010
I can modify my PHPRequest object so that it can detect and handle errors from my webserver? Normally after each of my successful requests, it dispatches that event which I listen for and then I can handle the data in the resultArray. During these times I notice I'm receiving a HTTP STATUS of 200 in my http status handler.
View 0 Replies
Oct 12, 2010
Is it possible to catch some external URL requests from loaded swf?
I have a loader SWF in which I need to load another SWF. Those SWF files I load are external and I don't have the FLA sources.
There is one large *.swf community which allows *.swf creators to upload their swfs. However, that should be packed swfs in one file, with no external script requests.
View 1 Replies
Feb 26, 2009
I can't figure out how to trigger different URL requests from my XML in one function.
Code:
private function drawButtonsFromXML(loadedXML:XML) {
var xmlInfo:XMLList=loadedXML.main.button;
for each (var xButton:XML in knappInfo) {
[code]...
So in other words... I'm getting all the names from the XML and adding them to the stage. But I don't know how to add the @site to the different buttons.
View 2 Replies
May 13, 2009
I am trying to load in an External SWF inside my Flash file and have only been able to load one successfully. I am loading the one successfully through doing...
---
var request:URLRequest = new URLRequest("http://www.brianhauser.com/550/mouse_draw.swf");
public function NewPortfolio():void{
loader.load(request);
[code].....
View 1 Replies
Aug 31, 2009
Any best way to handle multiple URL requests. This is what I have:
Code:
function dropCick(evt:MouseEvent):void {
if(evt.target == dropDownM.dropBtns_mc.menFoot_btn) {
var URL_6:URLRequest = new URLRequest();
URL_6.url="[URL]";
navigateToURL(URL_6,"_self");
[Code] .....
I would think there would be a better more efficient way to do this.
View 4 Replies
Apr 13, 2010
I have this odd situation, let me provide some background: - I have SWF and PHP files on a shared host, along with a MySQL database - I'm using urlloader requests to interact with the database via the PHP files.
Everything works for me as expected. However, the end user is having trouble. Basically, none of the urlloader requests actually make a request - I'm basing this on all of the *.php requests in the access log from my IP, and none from his IP. I had him load one of the PHP files directly, and it came up fine, so I've ruled out firewall/security problems on the OS level.
Now - what could possibly cause this? He has 3 machines running XP and Win 7 (all with the same issue), and he's using IE8 with the latest Flash Player. I've set up an XP virtual machine with IE8 and also the latest Flash Player and it works fine. I've also tested on a separate laptop running Vista. I've also tested with Chromium and FF3 under Linux and FF3.6 under XP (Flash Player versions 9 and the current 10.x) and everything works here.
I've tried a crossdomain.xml file allowing from *, allowing from the domain where the files are hosted, and no crossdomain.xml file at all.
View 6 Replies
Nov 13, 2010
There is an issue I am very curious about. When I develop a Flash application or web site, HTTP posts and requests, links etc., everything can be seen with add-ons. What do you suggest for this issue? I cannot find any good solution; what solutions are generally used?
View 13 Replies
Mar 19, 2012
I need to configure the FMS server so that it will listen only to RTMP requests and disable other services like HDS and PLD. What configuration is required for this arrangement?
View 1 Replies
Jan 25, 2010
As you might know, browser's security model does not allow a script loaded in a page from http:[url]... to make cross-domain requests (no AJAX calls to any other domain other than url...).
The Javascript file itself could have been served from a different domain altogether (url....) and that is irrelevant. This is the Same-Origin Policy.
Flash also has something similar? But does Flash treat the origin to be the HTML page where the .swf file was loaded or origin is the domain which served the .swf file?
So http:[url]... loads a .swf file from http:[url].... Now .swf can load resources only from [url].... or only [url....? I'm assuming there are no cross-domain.xml files setup on either [url]....
View 1 Replies