I've just tried loading the image into a nested clip but it's still
doesn't work.  It doesn't work in AS3 either.  According to the AS3
livedocs:

BitmapData.draw()

"Security note: The source object and (in the case of a Sprite or
MovieClip object) all of its child objects must come from the same
domain as the caller, or must be in a SWF file that is accessible
to the caller by having called the Security.allowDomain() method.
If these conditions are not met, the draw() method does not draw
anything."
http://livedocs.macromedia.com/flex/2/langref/flash/display/BitmapData.html#draw()

Personally I think this security restriction is utterly stupid.  Why
on earth would you need to restrict access to an image that is
*already* loaded into Flash?

The biggest problem is that in AS3, once an image has been loaded it
cannot have its pixels 'smoothed', so when it is scaled the pixels go
jagged and aliased.  There was a workaround in FP8/AS2 where you
copied the image into a BitmapData object and applied the 'smooth'
property, but it's now obvious you can't do this if the image is
coming from a domain that you don't have access to.

This impacts on pretty much every dynamic application I work on that
uses images from servers such as Flickr, Google Images, map images
servers etc. that you don't have server-side access to.  The
restriction also applies to dynamically loaded sound files.

Can someone please explain the logic and benefit behind this security
decision as it really is baffling me!

Thanks loads,
Paul.


On 21/07/06, Charles Parcell <[EMAIL PROTECTED]> wrote:
What is you put the loaded image into an empty MC and then captured the
BitmapData of the MC you created?  Does the security traverse the MC tree
checking for foreign domains?

Charles P.



On 7/21/06, Paul Neave <[EMAIL PROTECTED]> wrote:
>
> Thanks a lot Tom, that was just what I was looking for.
>
> It looks like in Flash Player 9, if you want to load *and* manipulate
> an image (or even a sound) from another domain you have to be able to
> have access to that domain and be able to put a crossdomain policy
> file on that server.
>
> The weird thing is that you can load an image from any server without
> the need for a crossdomain policy file, but you can't use
> BitmapData.draw() unless you have a policy file. Also, you can load an
> mp3 from any other server but you can't access the mp3's id3
> information without a policy file on the other server.
>
> What madness is this!? What's the reasoning behind this? Surely it
> can't be to do with potential 'hackers' because to get around the
> problem you only have to create a proxy script:
> http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=50c96388 which
> any potential hacker would be able to knock up in no time.
>
> But for developers, having to create a proxy script means the data has
> to be redirected via your server and you have to pay for the bandwidth
> that uses up.
>
> I really don't understand why Flash 8 and 9 have this security feature
> as I don't see what extra security it provides apart from annoying
> developers.
>
> Paul.
>
>
> On 21/07/06, Tom Lee <[EMAIL PROTECTED]> wrote:
> > Paul,
> >
> > I believe the policy file being referred to is the crossdomain.xml file.
> > Here's a technote for you on the subject, in case you're not familiar:
> > http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_14213.
> >
> > After you get up to speed on cross-domain policy files, you'll want to
> check
> > out
> >
> http://livedocs.macromedia.com/labs/as3preview/langref/index.html?flash/syst
> > em/LoaderContext.html&flash/system/class-list.html
> >
> > I think the following excerpts pertains to your question:
> >
> > "When loading images (JPEG, GIF, or PNG) instead of SWF files, there is
> no
> > need to specify a SecurityDomain or an application domain, because those
> > concepts are meaningful only for SWF files. Instead, you have only one
> > decision to make: do you need programmatic access to the pixels of the
> > loaded image? If so, see the checkPolicyFile property."
> >
> > >From the checkPolicyFile documentation:
> >
> > "Set this flag to true when you are loading an image (JPEG, GIF, or PNG)
> > from outside the calling SWF file's own domain, and you expect to need
> > access to the content of that image from ActionScript. Examples of
> accessing
> > image content include referencing the Loader.content property to obtain
> a
> > Bitmap object, and calling the BitmapData.draw() method to obtain a copy
> of
> > the loaded image's pixels"
> >
> > Hope that helps!
> >
> > -tom
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Paul
> Neave
> > Sent: Friday, July 21, 2006 9:06 AM
> > To: Flashcoders
> > Subject: [Flashcoders] AS3, BitmapData and domain security
> >
> > Hi group,
> > I've only just discovered that in Flash 8 you can't .draw() a loaded
> > image into a BitmapData object if the image was loaded from another
> > domain. I've search about and found you can .draw() a SWF which uses
> > System.security.allowDomain but there's no way to .draw() an image
> > JPG, GIF, PNG etc when loaded across domains.
> >
> > This is very annoying, but apparently "...this will be fixed in FP9;
> > you will be able to use policy files to permit such things." said
> > Deneb Meketa:
> > http://www.kaourantin.net/2005/12/dynamically-loading-bitmaps-with.html
> >
> > Can someone explain how to use the policy file to permit .draw()ing
> > cross-domain in AS3/FP9?
> >
> > Thanks buckets,
> > Paul.
> > _______________________________________________
> > Flashcoders@chattyfig.figleaf.com
> > To change your subscription options or search the archive:
> > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
> >
> > Brought to you by Fig Leaf Software
> > Premier Authorized Adobe Consulting and Training
> > http://www.figleaf.com
> > http://training.figleaf.com
> >
> >
> > _______________________________________________
> > Flashcoders@chattyfig.figleaf.com
> > To change your subscription options or search the archive:
> > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
> >
> > Brought to you by Fig Leaf Software
> > Premier Authorized Adobe Consulting and Training
> > http://www.figleaf.com
> > http://training.figleaf.com
> >
> _______________________________________________
> Flashcoders@chattyfig.figleaf.com
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com
>
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

Reply via email to