Need a bit of help combating the SECURITY SAND BOX

Printable View

03-15-2006, 09:46 AM
Tea_J

Need a bit of help combating the SECURITY SAND BOX

Hey guys

been through the documents and all and i just cant quite figure this one out..

I got a projector, that loads an swf over HTTP into itself (via a movie clip).. and that particular SWF loads text from a local file (within the directory of the projector) ...

it's basically a projector that loads an swf into itself, where the SWF is the real engine and the projector is more like a shell..

files involved
C:/projector.exe
C:/mytextcontent.txt
http://mydomain.com/engine.swf

however this security sand box has made it difficult for me to get this thing running..

HOW DO I SET THINGS so that the computer executing the projector allows the dynamically loaded SWF over http access this much needed local file??

thanks
03-15-2006, 11:18 AM
rdoyle720

So it's not loading the file over the internet, or not loading the text file, or both?
03-15-2006, 01:02 PM
enpstudios

This might help you:

http://www.macromedia.com/cfusion/kn...fm?id=tn_14213
03-15-2006, 10:44 PM
Tea_J

Quote:

So it's not loading the file over the internet, or not loading the text file, or both?

well i would assume it's not loading the LOCAL text file since the SWF was retrieved via HTTP (ONLINE)

Documents simply states REMOTE SWF FILE (one that is ran/opened via HTTP) can not access LOCAL FILE (one that has an absolute link such as "C:/My Documents/file.txt")

then there are a bunch of suggestions to fix this sand box thing but i can't quite make it work...

@estudioworks
thanks mate but i've been through that already. crossdomain access is simple.. but im talking about DOMAIN vs LOCAL FILE SYSTEM issue.. LOCAL FILE SYSTEM does not have domain.. :(

basically i started doing a local application.. projector.exe.. this exe loads an SWF from WITHIN the folder the exe is in ..the swf does most of the work.. one of its work is to load this text file.. everything is fine....

But then i decided to put my SWF on my webserver and load it from there.. my purpose is to make it easier to update my software (since i wll have about 10 copies of this).. and now this problem.. :(

i hope my explanation is clear.. someone please give me direct solution..
03-16-2006, 10:00 PM
Tea_J

anyone?
03-16-2006, 10:21 PM
McUsher

As far as i remember the northcode Flash app may circumvent
the security issues..
http://www.northcode.com/

But i never worked with it, so i can't tell any details..

Alternative you could do something like an update process,
where the latest swf can be downloaded by the user....
03-16-2006, 10:47 PM
Tea_J

so this means there's no native work around for this particular sand box security??

yeah i guess i can just make a download and overwrite thing.. not the easiest but a solution
03-17-2006, 04:42 AM
McUsher

Hehe,
a "workaround for a security feature" ... wasn't this called a "hack" ;) ?
03-17-2006, 04:54 AM
Tea_J

well it would be if the user did it.. but im a developer trying to get my system work the way i want it.. :(
03-17-2006, 05:12 AM
McUsher

Huh?
You do program it for Users, don't you?

Just imagine this:
An evil developer programs a flash.exe.
No virus scanner would alert the user, as the exe is clean.
But if that exe would be able to load a malicious swf from the
internet, that had access to the filesystem and more...

I think that is the main reason for MM putting the Security
Sandbox this way...
03-17-2006, 05:18 AM
Tea_J

hmm.. true... arghh. well i guess there is no work around.. but that download and patch thing
03-17-2006, 05:35 AM
McUsher

I don't know, if you are able to do some VB or stuff..
As you could do an automatic update with it, prior to launching
the flash, or let the flash even run in that VB Form. That is what
we do for our customers.. So everything concerened to the system
or file system is handled by that VB exe..
03-17-2006, 05:57 AM
Louis van Laarhoven

I did a quick test, one projector file local, one swf local and one swf remote. Could load both. I had to allow the remote load, the firewall was blocking. You can ask yourself if you want your customers to make that decision.

I was able to have the projectorfile read a var from the loaded files or to have such a file write to the projectorfile.

Did it quick and dirty, no beauty, but I attach the files.
Don't forget to change "YOURDOMAIN" in remote.fla

I have an FlashAuthor.cfg file containing
C://Documents and Settings/MYUSERNAME/Bureaublad/
if I delete this file, nothing changes.

Maybe it can be of help
:)
B

Hmm .. cannot attach.
Zip is on
http://www.onseigen.net/localremote.zip
03-17-2006, 06:11 AM
McUsher

The remotly loaded swf shouldn't be able to load from local file system... hmm...

But this reminds me of something that might work:
put all file accessing functions in your .exe, and from the remotly loaded
swf, just ask the _root for those variables...
03-17-2006, 06:21 AM
Louis van Laarhoven

http://www.macromedia.com/cfusion/kn...layer_1165eb90
(sorry for the long link, it's not mine ;) ) says:
"Flash Projector EXEs are not liable to the same security sandbox as a SWF file becuase the user has implicitly trusted the application by launching it."
and some more but I have to get on with my work ;)
03-17-2006, 06:49 AM
Tea_J

thanks for trying louis but i couldnt find it in your sample files the routine that loads a data from a LOCAL TEXT FILE .. what you need to exhibit is a REMOTE swf file loaded by a local projector that can load a data from a text file that's within the projector's directory..

@McUsher
yeah i could try and do that. i dont code in VB but i have other means to reach the same goal.. thanks