you mean those variable names that are being passed from php to flash and vice versa?
still trying to catch the idea...
all variable names should be unique, complex, and random for maximum security in both php scripting language and flash actionscript language....for example.....
Code:
xdx302 = "secure variable name";
Code:
secure = "this is a secure login variable name but isn't all that secure for a variable name because it can be easily guessed";
okay, got it! sure! :)
one more thing: when echoing php variables to be pulled into flash, don't let the page containing the echoing script be seen by the user; just tell LoadVars to point at the php file, that way the echo is never seen in the user's browser.
the question is, how to identify that the php file was requested by flash, and not entered by the user in the browser window?
Well, calmchess I think you are confusing Java and Javascript. They are two very different things.
Javascript is pretty limited and doesn't offer many ways to exploit the client's environment.
Today it's unlikely to find users with deactivated JS, because it is complementary to most websites.
It is more likely that you deal with handheld, or other kinds of, devices that aren't JS capable.
In any case swfObject follows good guidelines for graceful degradation.
The way you use it works so that if client is Flash capable, it delivers Flash... if the client is only JS enabled, it delivers alternative content (that might be the Flash installing page)... if the user isn't even JS enabled, the original markup is shown.
Such markup can be designed for graceful degradation too: an XHTML markup with CSS style will deliver its contents with full aesthetics if the client is capable. In case the client is not CSS capable, or is set to display text only, the webpage will be displayed as simple hypertext, in a user friendly way.
The Flash detection kit may be closer to your view: the JS doesn't just stick a Flash object to the HTML tree, it does in fact read the Flash object from the HTML tree and overwrites it with itself.
This way if the client has disabled JS, it will still load Flash if it's capable (like in the old days).
I don't like this solution because the code isn't elegant, but from an accessibility point of view, it is better.
Regarding the random() function, if you press F1 in Flash, and type "random", you will be presented with useful info and guidelines for a correct use of its successor, for example like this:
code:
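function rand(a:Number, b:Number):Number {
    var min:Number;
    var max:Number;
    if (b == undefined) {
        // one argument: rand(a) picks from 0..a
        min = 0;
        max = a;
    } else {
        // two arguments: rand(a, b) picks from a..b
        min = a;
        max = b;
    }
    // Math.random() returns 0 <= x < 1; scale it to an integer in min..max
    var randomNum:Number = Math.floor(Math.random() * (max - min + 1)) + min;
    return randomNum;
}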
The script above gives you the ability to use the new method just like the old one:
code:
//to get a random number between 0 and 5
var randomNumber:Number = rand(5);
or to use it in a more customizable way:
code:
//to get a random number between 1 and 6
var randomNumber:Number = rand(1, 6);
This needs to be done because the new method (Math.random()) does not accept any arguments and returns a number between 0 and 1.
More precisely if x is the returned number: 0<=x<1.
well yes your examples are actual script and what I meant by using the random number to create a random variable name ......you can use it to both generate random numbers and text strings and there is a loop that I have that can also accomplish a random number/string.............also I can think of at least 3 different ways to get information about a user's computer using javascript right off the top of my head such as what browser they are using their IP address....where they have been set a cookie..redirect their browser .....lots and lots of potentially nasty stuff using javascript.......millions of ways with php!
calmchess, what you refer to as "nasty things" is the basics on which the whole Internet is founded.
Public IP address (which is a public datum in fact), cookies, the ability to redirect... these are all inoffensive tools.
Ok, back in Web 1.0, you could place an onclose event to reopen a page when it is closed. Crap like that is still possible, but doesn't prevent the mass from accessing the web like they should do!
They just won't go back to the lame sites..
well I'm done arguing about it I'm just pointing out stuff that makes some people nervous.....I will say though that I think implementing no java is a little paranoid and should only be disabled by those that have truly secret or sensitive information to protect.
Yeah but people are scared of Internet as a whole.
The common user needs anti-virus software because he is too stupid to not execute unknown files that some lame website tricked him into downloading....
come on.. anti-virus is totally useless for power users!
What I don't understand is all the fuss about Javascript. If you look at the stats, you will notice that users without JS or with JS disabled are really few.
Whatever depth your work will require, you must always keep in mind the no-JS users, but mostly to tell them to turn the darn JS support back on! ;)
well I'm glad we found something we can both agree on .....*shakes hand*
dude, no arguing.. just discussing!
In the end, this is a discussion board ;)
Take care