01.31.08

ActionScript 2.0 Migration

Posted in AS3 at 3:46 am by Saran

http://livedocs.adobe.com/flex/201/langref/migration.html

01.28.08

Top Flash ActionScript Forums

Posted in Flash at 3:56 am by Saran

kirupaForum - http://www.kirupa.com/forum/

Currently Active Users: 237 (19 members and 218 guests)

Threads: 246,609, Posts: 1,938,884, Members: 101,559 Read the rest of this entry »

Adobe Throttles Up Flash Media Server

Posted in Flash at 3:21 am by Saran

Adobe has released two new full version upgrades in its Flash Media Server line: Flash Media Streaming Server 3 and Flash Media Interactive Server 3. The latest versions, released Jan. 25, both include “major” performance gains and additional security enhancements for content delivery. They also add MPEG-4 support in the form of H.264 video and High-Efficiency AAC (HE-AAC) audio.Flash Media Streaming Server 3 is Adobe’s on demand and live streaming video server with new, prebuilt services designed for rapid deployment. The latest incarnation advances performance, according to Adobe, with twice the speed of its predecessor. It also adds, for the first time, a single-server solution with an unlimited number of users and unlimited bandwidth. The updated server also adds 128-bit encryption for secure delivery and SWF verification to prevent reuse and unauthorized hosting of Flash-based content. Some of the other new features include:

  • Support for H.264 for streaming up to 1080p video to the Flash Player, Adobe AIR and Adobe Media Player;
  • HE-AAC audio streaming;
  • Live streaming support for H.264 and On2 VP6 video in conjunction with Flash Media Encoder 2;
  • Live and on demand streaming to smart phones with Flash Player Lite;
  • Usage logs and real-time monitoring; and
  • A new seek feature that allows viewers to advance video to portions that have not yet been downloaded.

Flash Media Interactive Server 3, built on Adobe’s Origin/Edge architecture, includes the same performance and security enhancements as Flash Media Streaming Server 3, as well as the additional codec support, logging, seek, and live and on demand streaming features. In addition, it incorporates a new plug-in architecture for integration with other servers and services for authorization, server access, and file access. And it includes support for the newly open sourced AMF3 format for data sharing and interactivity. Additional features include:

  • DVR-like recording functionality and the ability to archive live streams and multi-way sessions;
  • Dynamic thumbnails and video previews;
  • RTMP stream redirection; and
  • New “multipoint publishing” functionality for remote injection of “new live or prerecorded streams into your delivery network to quickly add time-sensitive content.”

Flash Media Streaming Server 3 is available now for $995. Flash Media Interactive Server 3 is available for $4,500 for the full version, $1,995 for upgrades.

01.22.08

To find out your IP address

Posted in Uncategorized at 12:55 pm by Saran

In below URL, you can find  your public and private IP-Address.  Tools to analyze, optimize and secure your internet connection.

http://ipinfo.info/index.php

Detecting Flash Player capabilities using describeType()

Posted in AS3 at 4:12 am by Saran

I found this article from unknown blog. A poster of the article said that he found a solid bug in functionality on flash.system.Capabilities on AS3 and gave solution also. I have pasted the same below,

var flashPlayerData:Array = new Array();
var objectType:XML = describeType(flash.system.Capabilities);
var excludedProperties:Array = ["_internal", "serverString", "prototype"];

for each(var objectProperties:XML in objectType.accessor){
var propertyName:String = objectProperties.@name;
var isExcluded:Boolean = false;

for(var c:uint = 0; c < excludedProperties.length; c++){
var excludedName:String = excludedProperties[c];
if(propertyName == excludedName){
isExcluded = true;
break;
}
}

if(!isExcluded){
var propertyValue:String = flash.system.Capabilities[propertyName];
flashPlayerData.push({name: propertyName, value: propertyValue});
}
}

flashPlayerData.sortOn(”name”, Array.CASEINSENSITIVE);

Software converts images into PDF in a snap

Posted in Uncategorized at 3:09 am by Saran

Snapter Ice (snapter.atiz.com/) converts specific types of images taken with a digital camera and produces the same kind of results as if you scanned the subject matter with a flatbed scanner.

01.20.08

Actionscript 3 class zip library FZip

Posted in AS3 at 5:50 am by Saran

FZip is a cute little Actionscript 3 class library,that enables you to load standard ZIP archives and extract contained files while the archive is still loading,modifying,and creating standard ZIP archives. It parses ZIP archives progressively, allowing access to contained files while the archive is loading.

To download source: http://ntt.cc/2008/01/19/actionscript-class-library-fzip.html

01.14.08

HTTP error codes

Posted in Flash at 11:05 am by Saran

1. Informational 1xx

This class of status code indicates a provisional response, consisting only of the Status-Line and optional headers, and is terminated by an empty line. There are no required headers for this class of status code. Since HTTP/1.0 did not define any 1xx status codes, servers MUST NOT send a 1xx response to an HTTP/1.0 client except under experimental conditions.

A client MUST be prepared to accept one or more 1xx status responses prior to a regular response, even if the client does not expect a 100 (Continue) status message. Unexpected 1xx status responses MAY be ignored by a user agent.

Proxies MUST forward 1xx responses, unless the connection between the proxy and its client has been closed, or unless the proxy itself requested the generation of the 1xx response. (For example, if a

proxy adds a “Expect: 100-continue” field when it forwards a request, then it need not forward the corresponding 100 (Continue) response(s).)

2. Successful 2xx

This class of status code indicates that the client’s request was successfully received, understood, and accepted.

3. Redirection 3xx

This class of status code indicates that further action needs to be taken by the user agent in order to fulfill the request. The action required MAY be carried out by the user agent without interaction with the user if and only if the method used in the second request is GET or HEAD. A client SHOULD detect infinite redirection loops, since such loops generate network traffic for each redirection.

4. Client Error 4xx

The 4xx class of status code is intended for cases in which the client seems to have erred. Except when responding to a HEAD request, the server SHOULD include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition. These status codes are applicable to any request method. User agents SHOULD display any included entity to the user.

If the client is sending data, a server implementation using TCP SHOULD be careful to ensure that the client acknowledges receipt of the packet(s) containing the response, before the server closes the input connection. If the client continues sending data to the server after the close, the server’s TCP stack will send a reset packet to the client, which may erase the client’s unacknowledged input buffers before they can be read and interpreted by the HTTP application.

5. Server Error 5xx

Response status codes beginning with the digit “5″ indicate cases in which the server is aware that it has erred or is incapable of performing the request. Except when responding to a HEAD request, the server SHOULD include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition. User agents SHOULD display any included entity to the user. These response codes are applicable to any request method.

AS Class Exporter

Posted in Open Source at 10:44 am by Saran

AS Class Exporter is a .NET utility that extracts the names of the classes compiled in a set of swf’s, searches a defined classpath to find the referenced classes and copies the .as files found in said classpath to an output folder chosen by the user.

What problem does it try to solve?

by Author,

Actually, a problem that I’ve frequently run into in many Flash projects. Often, I place the classes and packages for a project inside a “fla” or “src” a folder, so the code is accessible to the fla files, which live in that same folder, without any extra classpath configuration. I also use “common” code from a central repository, as well (the kind of code that is generic enough that can be shared among many projects).

The problem is, when you have to give the sources of the project to someone, in order for them to be able to compile the fla’s, you’d either have to give them your whole central repository (most of which is not relevant or needed to the project at hand), or manually track down which classes are being referenced in your project’s code. Then you’d have to create folders that follow the original package/folder layout and manually copy and paste your .as files. A couple of times I had to do that and it was rather painful, time consuming and error prone. So, this project was developed based on my own needs as a way to automatize all that tedious work, and is made available here in the hope that it might help other developers that have come across the same problem.

01.13.08

Creating more secure SWF web applications

Posted in Secure at 7:33 am by Saran

This article which I found from Adobe secure and they detailed about how to communicate a swf from other domain using cross domain policy. Same I am posting here :-) by SRK.

Loading remote content

One of the most common tasks you may want to do is fetch images, sounds, or other data from a remote website. If the content is from a different domain than the requesting SWF file, then Flash Player may need to check with the remote domain to confirm whether you have permission to access that content. The following sections describe when permission is needed and how to obtain it.

Loading content from different domains

Related threats: Cross-domain privilege escalation

By default, Flash Player will follow the same-origin policy used by browsers which says that content within a single domain can access all the other content and data hosted on the same domain name. In addition, a site can present content from other domains but it can not directly access the data belonging to those other domains. For example, the same-origin policy will allow a piece of content on www.a.com to access all of the other data associated with www.a.com. The site www.a.com can also include an iframe showing the web page for www.b.com. However, the same-origin policy prohibits www.a.com from accessing www.b.com’s cookies or interacting with the JavaScript on www.b.com’s page.

Flash Player considers the full domain name used to establish content’s origin to be its security domain. For Flash Player, a SWF file’s domain is defined by where the SWF file is hosted. If a web page at the domain www.a.com includes an object tag to load a SWF from the domain www.b.com, then the SWF considers its security domain to be defined by www.b.com. Other SWF files hosted on the www.a.com site will not have full access to the SWF loaded from the www.b.com site because they are loaded from different security domains. Flash Player matches on the complete domain name and therefore the domain www.a.com is considered to be a different security domain from the domain home.a.com. Flash Player also separates content loaded from www.a.com over HTTPS and content loaded from www.a.com over HTTP into separate security domains.

Unlike the browser, Flash Player contains several methods for expanding the same-origin protections to include more than one domain name. Therefore the owner of the site www.a.com can tell Flash Player that the site’s content can be shared with the domain home.a.com. This allows website owners with multiple domain names to have interaction between their sites. Many of these methods support the use of wildcards for when developers want to share their data with the world. From a security perspective, wildcards need to be used with discretion since you are allowing everyone access to your data.

Splitting a single domain name into two security domains by using IP addresses

In addition to incorporating many domain names into one security domain, it is also possible to split one domain name into two security domains. This may be necessary if you only have one domain name available but you have SWF files with two different trust levels. To accomplish this, you can take advantage of the fact that Flash Player does not associate domain names with IP addresses.

If the site www.example.com is hosted at the IP address 1.2.3.4, then Flash Player will consider a SWF loaded by the URL http://www.example.com/my.swf to be in a different security domain then the SWF loaded by the URL http://1.2.3.4/my.swf. This approach can be useful if a site allows untrusted users to upload SWF files. Since the site owners want to protect their SWF files from being accessed by malicious SWF files uploaded by a user, the site owners could reference the trusted SWF files using the domain name in the URL and then load the potentially malicious user-submitted SWF files using an IP addresses within the URL

Implementing cross-domain files

Related threats: Cross-domain privilege escalation, insufficient authorization restrictions

If you’d like to research how to use crossdomain.xml files, see Overview of permission controls on Adobe LiveDocs and Cross-domain policy file usage recommendations for Flash Player on the Flash Player Developer Center.

Cross-domain files are one method for expanding the same-origin policy to allow multiple domain names to be considered part of the same origin. A cross-domain policy file is a way for the server hosting the file to acknowledge that its content can be considered to be part of the same origin as domains listed within the cross-domain file. Cross-domain files served from a web server on port 80 or 443 are considered to be HTTP policy files and can control policies for web requests. Cross-domain files hosted from other ports are considered to be socket policy files. Socket policy files will be discussed later.

Cross-domain files are one method for expanding the same-origin policy to allow multiple domain names to be considered part of the same origin. A cross-domain policy file is a way for the server hosting the file to acknowledge that its content can be considered to be part of the same origin as domains listed within the cross-domain file. Cross-domain files served from a web server on port 80 or 443 are considered to be HTTP policy files and can control policies for web requests. Cross-domain files hosted from other ports are considered to be socket policy files. Socket policy files will be discussed later.

The crossdomain.xml file can be used to specify three aspects of access to the HTTP server:

  • What domains are trusted to be within the same origin of the server

  • Whether communication between HTTP and HTTPS content is allowed for the listed domain names

  • It implicitly grants socket access to ports greater than 1024 (this feature will soon be removed in future versions of Flash Player)

These cross-domain controls are available to the distributor of content and can apply to either the entire website or just one portion. Creators of SWF files also have the ability to define cross-domain controls through the use of the Security.allowDomain() method which I discuss later. The Security.allowDomain() method is a more granular way of granting cross-domain permissions on a per-file basis.

It is also important to note that Flash Player, like most browsers, does not prevent cross-domain sending of data. Flash Player only attempts to prevent cross-domain loading of data. If the website at home.a.com wants to perform an HTTP POST of data to www.a.com using a method that does not return a response to Flash Player, then it can do so without the need for a cross-domain file. If the SWF at home.a.com needs to access the response data from the request, then a cross-domain policy file is necessary.

Here are some situations that require using the crossdomain.xml file:

  • When performing image extraction, such as using Bitmap.draw() or Loader.content, is required to a movie or image from another domain

  • When performing sound data extraction on sound loaded from another domain such as ID3Info and computeSpectrum

  • When an image is being loaded in an HTML text field from another domain
  • When it is necessary to authorize sockets to connect to ports greater than 1024

  • When data will be directly loaded via API calls such as LoadVars, URLLoader, or XML.load by another domain

  • When a web administrator wants to explicitly block all cross-domain loading requests to their site

  • When a SWF on a remote HTTP server needs to load data from within an HTTPS protected section of the server’s website

It is not necessary to use a crossdomain.xml file:

  •  When an image from another domain is loaded for presentation as a child without      accessing anything inside of it

  • When displaying or playing data from an RTMP server without trying to access video data or sound spectrum data

  • When loading an image from the same domain as the loader

  • When loading a SWF file since cross-domain permissions for SWF-to-SWF communication is controlled by Security.allowDomain()

In order to successfully load remote content into a SWF file, a remote domain has to place a crossdomain.xml file in the directory of the content or one its parent directories. In order to successfully load remote content into a SWF file, a remote domain has to place a crossdomain.xml file in the directory of the content or one its parent directories. Before making a request to a new remote domain, Flash Player will verify that the settings to allowNetworking permit access to remote domains . Next, Flash Player needs to request the crossdomain.xml file to determine whether the current domain is allowed to load the remote domain’s content. If the current domain is not listed in the crossdomain.xml file or the file does not exist, then access to the content is denied and an exception will be thrown when you attempt to access the data.

Cross-domain files can be used to explicitly deny access globally. If a cross-domain file is not present, then access is also denied. Access will also be explicitly denied to everyone by creating a crossdomain.xml file with no entries in the root directory and a site-control policy set to none:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for mysite.com -->
<cross-domain-policy>
<-- No one can have raw access to any of the content on this site through Flash Player -->
<-- This is the only cross-domain policy file on this server -->
<site-control permitted-cross-domain-policies="none" />
</cross-domain-policy>

Using wildcards in conjunction with domain names

If the domain has multiple sub-domains that change frequently, administrators can use a wildcard in conjunction with the parent domain name by specifying domain="*.mysite.com" instead of domain= "*". Below are additional sample valid entries for a crossdomain.xml file that demonstrate alternatives to using the “*” wildcard:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for mysite.com -->
<cross-domain-policy>
<!-- This is the only cross-domain policy file for this server -->
<site-control permitted-cross-domain-policies="master-only"/>
<!— Administrators can set multiple entries with a wildcard on the sub-domain to avoid setting domain="*"-->
<allow-access-from domain="*.mysite.com" />
<allow-access-from domain="*.myothersite.com" />
</cross-domain-policy>

« Older entries