It would seem to be alright.
If the computer opening the socket is accepting messages from Flash, why
would the FlashPlayer care about that. It can not possibly tell if the
person who wrote the server application at the other end of the socket
has compromised the server
The server administrator is letting the socket be opened so once again,
why should the FlashPlayer care.
The fact that the server is 127.0.01 and th server administrator is the
same person driving the browser should all be lost on Flash.
Flash did not break the user's security.
The user did when the socket was opened up. Anyone who can get to that
socket can do whatever the socket allows.
On a LAN, this will be fun for hackers.
Ron
Lance Massey wrote:
I have an application on my computer which is simply a socket
listening for a connection on "127.0.0.1" port 5824.
So, in AS3 I created a swf with the following code
var sock:XMLSocket = new XMLSocket();
sock.connect("127.0.0.1",5824);
and uploaded it to my server.
Now, when I go to the web page where I uploaded the .swf, it connects
to the socket in my local application -- giving me the ability to
issue commands from Flash to the local machine. Repeat: the swf is
running from the web server, not in the Flash sandbox...
Is that correct? Or if I do try to create some Flash->localhost
hybrid, will I get bitten by some sandbox/security issue in the future?
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com