LoadMovie Security?
I have a base movie on one server loading in swf files from another server
I am unable to target my base movie from the swfs that are loading in. is there a security feature in flash that stops movie targeting from different servers? If so is there any known work around?
Ultrashock Forums > Flash > ActionScript
Posted on: 2003-05-20
View Complete Forum Thread with Replies
See Related Forum Messages: Follow the Links Below to View Complete Thread
LoadMovie Security?
I'm using LoadMovie to load SWF files.
I control the embedded player, but the loadMovie'd SWFs are arbitrary SWF files uploaded to my servers.
This embedded player may be viewed on my website, or on other sites. It of course loads arbitrary SWFs (potentially "mean"), which are stored on my server.
Crossdomain.xml is set to allow all domains.
I'm not terribly concerned about the SWF files doing "goofy" things, but I don't want them to be able to access the cookie file for a user and send it to someone else.
How can I protect myself?
Security Sandbox & LoadMovie
For the last month or so I have been building a website, we have encountered a few problems with the LoadMovie command failing to actually load the movie (script error on my part) but now we are confronted with a more confusing problem.
to complete the full site, we were asked to integrate the 5 current files into 1 single file because using separate files with getURL controls brought up (if only for a portion of a second) a white background before the correct black was loaded. This was, in the view of our artistic benefactor, intolerable and considering the proffesional look (hah) we are trying to achieve had to be fixed. After asking the designer of our benefactor's previous site (http://www.spencerrowell.com and a couple of others, we were led into a dead end. The only suggestion which seemed plausible was that the default flash background was not black (the colour which needs to appear instead of white) and was causing the problem. Unfortunately all of the files use a default black background, and this is my first (and only non actionscript related) question:
Does anyone know if there is an issue with flash version and background colour? (this question is really just incase there is a simpler way out of question2, as a way to link the pages by URL and not see a white background between pages would make things a whole lot easier)
Back to the point of this forum and topic. After experiencing the problem of the white background appearing between pages, we started using the loadMovie control(function/command.. not sure of the correct term i am in many ways still a total noob) to load the 4 files (3 galleries and a movies page) into the first file, which compromises of 4 randomly moving movieclips which also act as buttons when moused over. After finally getting the buttons to move the player to a loader movie clip, (some dumbass mistakes with _root) I had to learn how to use the loadMovie function properly. With a holder movieclip ready, I tested the file and found all 4 files loaded correctly, though upon loading the file the next morning to fix a few minor design bugs (basically the back button in the files allready on our server linked back to the original version of the file I have been editing to load the gallries and movie page), the file upon testing started throwing security sandbox violations front,left and centre. from looking over the file, there are 2 glaring errors which the sandbox causes:
1. images clicked on from the images scroll in the galleries page do not appear in the main part of the flash movie.
The problem presumably is because the images on the scroll use the gotoAndPlay command, but according to the macromedia document, this should not cause an error as the command is called from within the gallery.swf and executed within the gallery.swf
The images on the scroll in the gallery.swf use the script:
on (press) {
_root.image.gotoAndStop (2)
}
I'm at a loss to see why this causes a sandbox error when the command is executed entirely within the galleries sandbox. (though i may be wrong... that's why its here in help) Originally the most obvious reason for this problem seemed to be the fact that the edited file was a local source and the gallery was from the server. Unfortunately the file has the exact same problems when uploaded to the server as it does when running locally.
2.The movies page dosent start, in test all the movieclips load but when the page tries to run another sandbox error appears.
Like the previous problem, i assumed that being in the same directory on the same server as the movie page would solve the problem... again I was totally wrong.
To load the movies the code;
this.frame.loadMovie("http://www.omnimovi.com/srnew/fla/srcw.swf");
,is used which upon first test let the files load and work fine, before aforementioned waking up to sandbox errors aplenty.
and to put the last few paragraphs as a simple question here is:
Question 2. What can I do to solve these sandbox errors, could it be a server problem, how could i find out if it was a server problem and is there actionscript which will allow my galleries to run properly within my file?
Here is as much technical specs as my feeble mind can discern of what im using for this:
Macromedia FlashMX Professional 2004
Flash Player 7
Actionscript 2.0
the links for the 3 galleries and movie page:
Colour photo gallery:
http://www.omnimovi.com/srnew/fla/srcw.swf
Black & White gallery:
http://www.omnimovi.com/srnew/fla/srbw.swf
Screenprint gallery:
http://www.omnimovi.com/srnew/fla/srsw.swf
Movies page:
http://www.omnimovi.com/srnew/fla/movies.swf
Also, the swf of the current version of the file (SRRM7.swf) czn be found: here and a .zip of the .fla right here
Any help would be really appreciated, im hoping there's some glaring error that someone slightly smarter than I will spot easily *prays*
I also hope this is in the right forum, this is my first post here on flashkit and the errors seemed to be coming from loadmovie so actionscript seemed the best place to ask for help.
sorry for a slightly *ahem* long post, I just really need some help with this, i've searched the forums here and can't seem to find anything quite along these lines. To sum up for those short of attention span:
1. Does anyone know of a way to solve the between pages white background
2. If the answer to 1. was "no" or "impossible", does anyone have a clue why the flash might be causing the sandbox error (even when online) and how might it be fixed.
3. I also wondered if anyone knew a much easier/effective way of approaching this file, and combining it with the other 4 files.
Many thanks, LiNt
Also, yes my organisation of layers in flash sucks and probably many other things to, as i said earlier im a bit of a noob and this is the first website i have ever attempted in flash (or atall for that matter), please be as detailed in criticism/help as you can ^_^
Security Related Issue (loadMovie)
Hi,
I am developing an application with which u can personalize its interface by loading images into it and skinning certain parts. I load the images mostly using loadClip and loadMovie both. I am thinking that in a worst case scenario, the xml that i use to load the images can have url to swf files that coud
A. manipulate my code,
B. run a code that hangs my user's PC (like an infinity loop).
Now I have recently seen it in the docs that 'system.security.allowDomain' is a way to explicitly tell which domains to allow the script access from, else by default it does not allow access from other domains so, i can say that my problem A is solved here.
My question is, does that mean that it wont allow the scripts in the loaded movie are also ignored? if no, then is there any solution?
Problem With LoadMovie With External File (Security.allowDomain)
I need to load swf from the in a Flash projector (executable swf).
I'm trying to do a simple loadMovie
Code:
my_mc.loadMovie("http://www.mysite.com/external.swf");
this works fine in debug mode.
But when I publish and test this with the local swf, it don't work anymore.
What do I need to change to my local file and with the external loaded file to make this work ???
I know I need to use System.Security.allowDomain() but since I'm calling from a localfile I'm not sure what I need to put as the domain...
Thx
Security
I realise that it not the most secure site in the world but I have organised a static site that has password access using arrays in flash. Simple but Adv.s and Disadv.s from anyone? I have already taken care of the obvious and put all important frames not on the scene timeline (in nested movie clips instead) so that the user can't just right-click and progress the frames to get access.
It is a temporary arrangement but I would like a deeper understanding of the current situation.
Any help and insight would be very useful thankyou.
SWF Security
I just wanted to ask if SWF files are secured? What I mean is that can programmers/hackers get or take a view on the source code by using the swf. Or can hackers determine the variables that are being passed from one swf to another swf or can they track variables sent from swf to databases? Hope to hear from you guys.
Security
Does anybody know how to really protect yor actionscript in flash MX.
It's so frustrating spent so many hours to develop an application and people using swfdecompiler, flasm or etc still your code.
Security
question: how to disable to someone link my flash to another site, or should i said steal?
Security
Can we make our flash movie run on computer only when that CD is inserted in CD rom. it should not run by copying the same flash file on hard disk. it should always ask for cd.
Security
what is the best way to stop people nicking your swf as heard this can happen
thanx
shaun
Security
Ok, so i have my main movie loading external SWFs,,,, now what is to stop people from just downloading the swf,,,, for example,,,,
"www.mysite.com/mainmovie.html"
when u press a button u load movie.swf
so in my directory its ;
"www.mysite.com/movie.swf"
how do i stop people from being able to go directly to movie.swf, or even downloading it ,,,,,i only want the MAIN movie to be able to access it.
thanks in advance
Security?
i've heard recently that SWF decompilers
are running about...and are probably legal
is that true?! then Flash files arent safe anymore
people can change the file's credit to whoever!
and oh yeah, in terms of contect security, which ones
better, java or flash?
anyway, haha i had nothing much to ask ryt now.
Getting By The Security Pop Up
is there a way to prevrnt I.E from asking this each time the page is loaded without haveing the person viewing the page adjust there security settings.
Security
can anyone tell me the importance of putting security/protection on your .swf files?
Help SWF Security
what is the problem for SWF file won't work in IE?
In my All SWF files working in browser as well, but one SWF file not working
in browser.
What is the problem may be?
please send reply
About Security...
just a n00b question:
is there a way to read the actionscript from a swf?
was just wandering... till now i have used passwords like when i send them to a php script, the php checks if its correct.... but is it safe to just create a password field on the first frame and then the password protected stuff is on the second frame?
sry for sucha stupid question :P didn't find an answer anywhere...
FMS And Security
When I try to connect from a file "client.swf" to a FMS application (eg.
nc.connect("rtmp://www.myServer.it/myApp/room_1") ) the player shows the following message to the user:
Macromedia has stopped a potential unsafe...
The following local ...client.swf
is trying to comunicate...www.myServer.it
Is it possible within client.swf (or in any other way) to trust the domain in which reside the server
application, avoiding the user be prompted?
Thanks in advance
Beaver
Security Is At It Again. Is This Possible?
my program loads a web page and operates on it then displays stuff.
now security dosent allow me to do this if i put this file on a server. any ideas?
i do not have access to the domain i retrieve data from.
Security
I have an AS3 application (SWF) that uses a URLLoader to load an XML file from my own file system, and then uses SWFLoader to load images, swf's, and so forth also from my own file system. This application will run in many IE-based browsers (SlimBrowser, Avant, etc) with no problem as a stand-alone application.
However, with Internet Explorer itself (version 7 or higher I guess) as well as Firefox, it will not run unless I include the directory of the SWF and the other files in a FlashTrustFile. Putting a directory in a FlasTrustFile file means you trust SWF's in it to access both the internet and the local file system. But my SWF is not accessing the internet, so I don't understand why the FlashTrustFile is necessary.
This would be especially problemmatic if I want to show the application to someone else. i.e. telling them they have to set up a "Trust File" just to view it (although I have written a simple utility to facilitate that.)
However this bring me to my second problem:
I tried emaling the SWF along with its related files to myself, and my email browser flagged it as a virus. Even after I downloaded all the files into a new directory, none of my browsers would let me run it. If I turn off virus checking in the e-mail client that solves the problem, but I what do I tell others - "To view this, you have to turn off virus checking in your e-mail client." That would be unacceptable to anyone.
Sorry if the simple solution to all this has eluded me.
Any help?
Security
I'm creating an area on my site for visitors to view several flash slideshow type presentations. These presentations have audio also. My problem is that I don't want these presentations to be cached on visitors PC's and allow them to be distributed without my permission. I could seperate the audio and stream is with the flash presentations but unfortunately my host does not offer this service.
My question is, how can I secure my flash presentations?
- Thank You -
Security
Hiya
Just a quicky, I was wondering about making some kind of shopping cart or shop in flash but dont really know how or anything about this.
Is there any tuts on it or can someone just let me know if its actually secure or not. If not then i wont bother
cheers
Craig
FCS Security
Hi, I have a question.
On my FCS server a user can connect to my rtmp (rtmp://etc..) from localhost, how can I avoid this? I want that only movie on my server can connect to my rtmp...
Thanks to all
Imran Hashmi
www.visionstudio.co.uk
www.seo-professional.co.uk 0044-7969012441
Security In The Swf
Hi,
I'm a designer considering creating a video project with Flash. I've read some of the security threads on the board, but they are way over my head. I will have a simple Flash file with text and a dozen imported FLV video files. If I use the "protect from import" option, will that keep the videos from being stolen from within the swf? Or, is that just a mediocre hurdle that can be easily overcome by someone wanting to dig into my file?
Thanks.
Karen
Security
Is it possible at add security to control who views captivate/shockwave files other than digital rights management?
Security
I have flash application. I use swfkit to convert my application to EXE.
but my question is, data that is transferred between my exe and amfphp isnt secured !?
how to secure this data ? so that it is crypted or something.
if others can hack to this data that is transferred between the client and server, it can do alot of damages for the user whos using client-application
Security In FMS
Hi guys,
I have FMS on my server but I have 2 questions on security ..
First: How can I make a User & Password request when connecting to the server through FME
Second: How Can I allow and deny specific domains from watching the stream
Regards ,,,,,
FMS Security
Hi,
Is it possible to control who can stream to my streaming server?
I have 4 locations in Europe that have a pc with a Webcam and Flash Media Encoder Installed
Each FME is profiled to stream to my FMS and I have a 4 Camera Console Built for Live Meeting Situations. It works fine.
It seems though that the local "IT" guys have figured out the rtmp streaming path and I have seen on FMS on several occasions these guys having their own "Video Chats" just by changing the stream name.
I want to stop this if possible.
Any suggestions or ideas would be grateful.
Security
Greetings all! Is there any way that you can make a flash movie un-copyable. Going beyond right clicking, im talking when you do a screen print, all you see is a grey box or something
I know this happens when you try to screen print streaming media. If this is possible, any tips on how that might be done?
Security In IE?
Anybody seen this ever? -- "Click to activate and use this control" (small alt tag over flash area that IE inserts...)
It seems only to be showing on a few peoples browser (IE) , and Im guessing they have extra security / activeX not enabled???
Please can any one who actually Knows what this is, point in me in how to take this out / tell me what browser setting the user needs to enable / unenable ??
Cheers all - pix
PHP Security
I build a php for a registration form for my website that i developed. Somehow security is one of my top priorities in protecting people information
I read an article about filtering but i'm so confused because i'm so new at php. HEre is the original php code fragment.
Code:
<?php
$to = "whoever email address";
$subject = "Join CCF";
$userName = $_POST['visitor_name'];
$userEmail = $_POST['visitor_email'];
$userPhone = $_POST['visitor_phone'];
$headers = "From: ". $userName . "<" . $userEmail. ">
";
$headers .= "Reply-To: " . $userEmail . "
";
$headers .= "Return-path: ". $userEmail;
$message = "Name: " . $userName;
$message .= "
Email: " . $userEmail;
$message .= "
Phone: " . $userPhone;
if (mail($to,$subject,$message,$headers)) {
echo "output=Thanks for joining. We look forward of having you as a member";
} else {
echo "output=error";
}
?>
Here is the code from the article
Code:
Before submit:
$emailPattern = '/^[^@s]+@([-a-z0-9]+.)+[a-z]{2,}$/i';
if (!preg_match($emailPattern, $emailFieldToTest)){
print 'Please review the email address you entered. There seems to be a problem';
}
After Submit:
function safe( $name ) {
return( preg_replace(array( "
", "
", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:" ), "", $name ) );
}
any ideas?
Swf Security
Hi all. I'm a new forum user here and I have some questions. First the info: I use flash studio mx 2004 pro version. I used the flash xml photogallery tutorial for a company's photo gallery. Which isn't online yet cause they would like to incorperate some security to it. Which I too, would like to learn more about, and how to make the flash files and content a bit more secure.
I know nothing is completely secure when it comes to the internet. But where can I find some good resources and tutorials on how to keep the content secure? I've done some searching around but my searches seem to be coming up short.
What I'd like to do is find out how to A: deny a user from hotlinking B: deny cacheing of swf files and content ( gallery images, & descriptions ) C: deny playability locally.
I've seen some places like wolfgangsvault that even somehow hidden the playlist of their music and location. Which also used a cookie session, otherwise wouldn't work. But I believe they used 8.
If anyone has info on any of this I'd greatly appreciate it. Thanks,
Lone Wolf
Security In Fmx
Sorry if this has been answered, but a search turned up nothing useful. I am looking to incorporate a simple online ordering section to my website, simple as in: it will merely send in an email containing the ordering info, and the order will then be completed as if it were a phone order or something. I hope you can see what I am getting at, but my question is basically this: I could use either a PHP script that would send the email automatically (or i guess, put it in some sort of "order database") or use "mailto" to send a filled out email from the users address. Now, is either method secure enough to send credit card information? if they both are, is one more secure than the other? if neither is secure, is there any way to send credit card information through fmx? thanks for the help!
[AIR]Web Cam Security
I made a small AIR apt, I would like to know what you think.
I will be adding a user system to save users individuals images but for now every one is using the same demo account and overwriting the same images.
read more at my blog.
http://gfxcomplex.com/blog/?p=45
Things I would like to see from you are ideas or opinions, please it will help me in more ways then I can say. Thanks.
things in planing:
1: Add a update version checker
2: Add a user system
3: Add a error system handler
4: Add a camera changing system
5: Add a content management system;
PS: you will need the new AIR beta 2 runtime.
Security
How would one secure information transfered between the flash player and the website?
Bitwise the data?
Security?
just wondered if it was possible to stop users being able to print pages of my site or save the pages on thier computer?
the site is a full flash site
cheers
ASH
Security
Greetings all! Is there any way that you can make a flash movie un-copyable. Going beyond right clicking, im talking when you do a screen print, all you see is a grey box or something
I know this happens when you try to screen print streaming media. If this is possible, any tips on how that might be done?
Security
I just have found that there is a big security issue with possibility to invoke any public method in any assemble in BIN if I use remoting...
Is there any way not to allow accessing a method in assembly but only aspx page?
How can I protect other objects in my assemblies for possibility to call them from Flash?
SWF Security
I'm wondering if there is some way to prevent my Flash movie from being stolen and put on someone elses website.
I was thinking of creating some actionscript that would call a script on my web server which would return a variable ensuring that the swf was on my server. But then I thought that somone could just link to my file on my server and use my movie in their website as well as using my bandwidth.
So does anyone have a solution?
Security
I am having problems with flash security stuff grrr. I keep getting that window that says i have to set security bla bla.
I have some stream on one web site, i have player on other, i want to ba able to load that mp3 stream. I tried putting
System.security.allowDomain("*");
System.security.allowInsecureDomain("*");
and
allowScriptAccess="always" in HTML but the thing just doesn't want to work, when i test it in FLASH IDE, everything is fine, how to set this up?
p.s.
By the way i need to setup that i can acess local files and files on the web
Security Help
I'm working on a site that have this structure: the fully functional online site, with ASP on one domain site.com and a image server img-site.com that hosts images and SWF files; and a mirror site for tests with ASP on mirror.com/local and images on mirror.com/images.
My question is why this is not working: I set an ASP, loaded from mirror.com/local/hotsite/home.asp, that loads a SWF file successfully from mirror.com/images/hotsite/main.swf. When this main.swf tries to load mirror.com/images/hotsite/video.swf, it fails. Why?
In the end, I'll need to set up img-site.com to allow ASPs from site.com to load SWFs from the former. But security sandbox isn't only needed for different server SWFs to load and pass data? Is there any need to setup security sandbox for ASPs and SWFs?
XML Security
So i fined out that it's possible so open .swf files ant look what in it
So the problem is in my .swf like is link of .xml so anyone can open and look what in this .xml but i what what to happen is there any possible way so security my xml file so no one could see it's link or that's inside it
My .xml file in build in PHP
Security?
Hello.
I bet this was posted before but the search doesn't work, so I'll post again...
Well, I made a flash site. and it had few internal problems that arose from the mistakes I made while I made them (ex. scaling, movieclip messes) so I copied the correct parts and fixed the wrong parts in a brand new FLA.
The old fla didn't produce a security warning in firefox, but the new one does. I don't think the publish settings are different. Does anyone have a idea where to look? By the way, the new FLA had some content off other people's open source AS but those didn't even look for or connect to internet for something. And if you guys need the security dialog, I can post one. However, it says that my new swf needs to access itself, and produces a security warning... :!: :D
Any ideas?
Thanks,
Keehun
SWF Security
I'm in desparate need of software that is able to protect my SWF files once downloaded, in order to stop the user from viewing its contents.
Is there such software avaible out there.
DATABASE SECURITY
In what do I build a database for the verification of the username and password...which stays secure and strong..
Security Problem
Hi,
I have an applet that sends and receives emails and cell phone messages. It works fine, but the problem is that I can see the location of the cgi when I open the swf in a text editor. That is not good at all for security reasons. Is there any way to make those URL's invisible in the SWF?
thanx
Flash Security
We're trying to make a determination of how much of a security risk flash could be within our network if enabled. Can someone give me a run down of how dangerous flash could be?
From what I've read, it seems that with actionscript someone malicious enough could plant a virus or something. Or am I wrong in this interpretation?
Thanks for your help.
Scott Wilhelm
Webmaster
Oswego County BOCES
Security Problem
I've created a game and the buyer decided to offer revards for best players. I don't know how to make a secure data upload from flash to the database.
1. Using an encryption is probably without sense, since ASV can get all used actionscript....???
2. Shoud I send a lot of variables to the server, and check if all sent data is logic and calculate the players score using this var. ???
3. ??? Any sugestions ???
Please help!
Thank you!
PHP Security Suggestions
I made a small interface on my website that will allow users to send me a SMS message via PHP.
It requires the user to enter their name and message then click submit.
I then take this info and send it to my SMS email address where I receive it as a SMS message.
Unfortunately, I published the website on this site and someone hit me with 68 messages this morning with bogus text in the message. I have since removed the PHP file until I think of something better. This question alone may unleash the deviants.
My questions are...
1) Is there a way to make this a bit more secure?
2) Is there a way to require fields to be filled out?
3) If I added an email address field...even if I didn't use it in the PHP and even if the user entered in a bogus email
address...how do I only allow properly formatted addresses?
Any suggestions would be appreciated.
Thanks.
|
TRACKER
