dcsimg
A Flash Developer Resource Site

Results 1 to 16 of 16

Thread: Need a bit of help combating the SECURITY SAND BOX

  1. #1
    Special Member Tea_J's Avatar
    Join Date
    Dec 2000
    Posts
    991

    Need a bit of help combating the SECURITY SAND BOX

    Hey guys

    been through the documents and all and i just cant quite figure this one out..

    I got a projector, that loads an swf over HTTP into itself (via a movie clip).. and that particular SWF loads text from a local file (within the directory of the projector) ...

    it's basically a projector that loads an swf into itself, where the SWF is the real engine and the projector is more like a shell..

    files involved
    C:/projector.exe
    C:/mytextcontent.txt
    http://mydomain.com/engine.swf


    however this security sand box has made it difficult for me to get this thing running..

    HOW DO I SET THINGS so that the computer executing the projector allows the dynamically loaded SWF over http access this much needed local file??


    thanks

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    2,849
    So it's not loading the file over the internet, or not loading the text file, or both?

  3. #3

  4. #4
    Special Member Tea_J's Avatar
    Join Date
    Dec 2000
    Posts
    991
    So it's not loading the file over the internet, or not loading the text file, or both?
    well i would assume it's not loading the LOCAL text file since the SWF was retrieved via HTTP (ONLINE)

    Documents simply states REMOTE SWF FILE (one that is ran/opened via HTTP) can not access LOCAL FILE (one that has an absolute link such as "C:/My Documents/file.txt")

    then there are a bunch of suggestions to fix this sand box thing but i can't quite make it work...

    @estudioworks
    thanks mate but i've been through that already. crossdomain access is simple.. but im talking about DOMAIN vs LOCAL FILE SYSTEM issue.. LOCAL FILE SYSTEM does not have domain..

    basically i started doing a local application.. projector.exe.. this exe loads an SWF from WITHIN the folder the exe is in ..the swf does most of the work.. one of its work is to load this text file.. everything is fine....

    But then i decided to put my SWF on my webserver and load it from there.. my purpose is to make it easier to update my software (since i wll have about 10 copies of this).. and now this problem..

    i hope my explanation is clear.. someone please give me direct solution..

  5. #5
    Special Member Tea_J's Avatar
    Join Date
    Dec 2000
    Posts
    991
    anyone?

  6. #6
    Flash Gordon McUsher's Avatar
    Join Date
    Mar 2001
    Location
    Krautland
    Posts
    1,560
    As far as i remember the northcode Flash app may circumvent
    the security issues..
    http://www.northcode.com/

    But i never worked with it, so i can't tell any details..

    Alternative you could do something like an update process,
    where the latest swf can be downloaded by the user....
    My letters on the F1 key have faded, how are yours today?

  7. #7
    Special Member Tea_J's Avatar
    Join Date
    Dec 2000
    Posts
    991
    so this means there's no native work around for this particular sand box security??

    yeah i guess i can just make a download and overwrite thing.. not the easiest but a solution

  8. #8
    Flash Gordon McUsher's Avatar
    Join Date
    Mar 2001
    Location
    Krautland
    Posts
    1,560
    Hehe,
    a "workaround for a security feature" ... wasn't this called a "hack" ?
    My letters on the F1 key have faded, how are yours today?

  9. #9
    Special Member Tea_J's Avatar
    Join Date
    Dec 2000
    Posts
    991
    well it would be if the user did it.. but im a developer trying to get my system work the way i want it..

  10. #10
    Flash Gordon McUsher's Avatar
    Join Date
    Mar 2001
    Location
    Krautland
    Posts
    1,560
    Huh?
    You do program it for Users, don't you?

    Just imagine this:
    An evil developer programs a flash.exe.
    No virus scanner would alert the user, as the exe is clean.
    But if that exe would be able to load a malicious swf from the
    internet, that had access to the filesystem and more...

    I think that is the main reason for MM putting the Security
    Sandbox this way...
    My letters on the F1 key have faded, how are yours today?

  11. #11
    Special Member Tea_J's Avatar
    Join Date
    Dec 2000
    Posts
    991
    hmm.. true... arghh. well i guess there is no work around.. but that download and patch thing

  12. #12
    Flash Gordon McUsher's Avatar
    Join Date
    Mar 2001
    Location
    Krautland
    Posts
    1,560
    I don't know, if you are able to do some VB or stuff..
    As you could do an automatic update with it, prior to launching
    the flash, or let the flash even run in that VB Form. That is what
    we do for our customers.. So everything concerened to the system
    or file system is handled by that VB exe..
    My letters on the F1 key have faded, how are yours today?

  13. #13
    Not Real since 1985
    Join Date
    Feb 2002
    Location
    Netherlands
    Posts
    229
    I did a quick test, one projector file local, one swf local and one swf remote. Could load both. I had to allow the remote load, the firewall was blocking. You can ask yourself if you want your customers to make that decision.

    I was able to have the projectorfile read a var from the loaded files or to have such a file write to the projectorfile.

    Did it quick and dirty, no beauty, but I attach the files.
    Don't forget to change "YOURDOMAIN" in remote.fla

    I have an FlashAuthor.cfg file containing
    C://Documents and Settings/MYUSERNAME/Bureaublad/
    if I delete this file, nothing changes.

    Maybe it can be of help

    B

    Hmm .. cannot attach.
    Zip is on
    http://www.onseigen.net/localremote.zip
    Never accept the first 'impossible' unless it comes from a lady.

  14. #14
    Flash Gordon McUsher's Avatar
    Join Date
    Mar 2001
    Location
    Krautland
    Posts
    1,560
    The remotly loaded swf shouldn't be able to load from local file system... hmm...

    But this reminds me of something that might work:
    put all file accessing functions in your .exe, and from the remotly loaded
    swf, just ask the _root for those variables...
    My letters on the F1 key have faded, how are yours today?

  15. #15
    Not Real since 1985
    Join Date
    Feb 2002
    Location
    Netherlands
    Posts
    229
    http://www.macromedia.com/cfusion/kn...layer_1165eb90
    (sorry for the long link, it's not mine ) says:
    "Flash Projector EXEs are not liable to the same security sandbox as a SWF file becuase the user has implicitly trusted the application by launching it."
    and some more but I have to get on with my work
    Never accept the first 'impossible' unless it comes from a lady.

  16. #16
    Special Member Tea_J's Avatar
    Join Date
    Dec 2000
    Posts
    991
    thanks for trying louis but i couldnt find it in your sample files the routine that loads a data from a LOCAL TEXT FILE .. what you need to exhibit is a REMOTE swf file loaded by a local projector that can load a data from a text file that's within the projector's directory..

    @McUsher
    yeah i could try and do that. i dont code in VB but i have other means to reach the same goal.. thanks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center