[flexcoders] Sprite's children are drawn backwards after fullscreen.
Hi, I am creating a pure as3 game and I was using the last version of flex sdk and compiling to last player version. Now I am using flex 3.6 and compiling to player version 9.0.280 and that change created a weird problem: Every time I set the game to fullscreen a sprite's children are drawn backwards when creating it for the first time and they are drawn correctly when creating it again. I did some tests writing the sprite's children indices (getChildIndex()) and to my surprise they actually appear reversed the first time it is created. In another test the problem didn't happen when running the game in a browser with the last player version installed, indicating the problem is in the flash player 9.0.280. Has anyone ever seen this problem? Is there a way to fix it in player 9.0.280?
[flexcoders] css in flex 4
Hi everybody I have my I want to migration to flex 4 so for
Re: [flexcoders] tv.adobe.com hacked??
Adobe's been alerted and are investigating.

On Mon, Sep 26, 2011 at 5:31 AM, claudiu ursica wrote:
> I do get the same trailer and then the streaming just freezes...
> Weird.
[flexcoders] paging
Can anybody help me in creating paging for datagrid using ColdFusion and Oracle?
Re: [flexcoders] Restrict access to an API to only allowed applications
The problem with making it as hard as possible is the overhead on your client application. Decrypting a lot of data is a processor-intensive operation and your own UI could suffer, while someone stealing data could decrypt it in C and republish that data unencrypted, giving their UI the edge over yours.

On Mon, Sep 26, 2011 at 6:45 PM, Haykel BEN JEMIA wrote:
> yeah you have just confirmed my 'fear' that for client applications there is actually no secure way to identify them because anything they include (data, algorithms etc.) can be cracked and the identification process can be reproduced. We can only try to make it as hard as possible.
>
> Haykel Ben Jemia
> Allmas
> Web & RIA Development
> http://www.allmas-tn.com
>
> On Mon, Sep 26, 2011 at 1:35 PM, claudiu ursica wrote:
>> The thing is that most client side apps implement security by obscurity which pretty much means that you will never be safe 100%, the only thing you do is not putting it in plain sight. So as you continue you add more levels of obscurity, but as said that will only make it harder, still not impossible, to crack. You can double/triple that by server side checks e.g. trusted ips, domains, user etc. Whenever the server feels like there is not enough trust it should deny the connection.
>>
>> Obviously the topic is large enough to tackle in just a couple of lines, hope this gives you a start ...
>> C
>>
>> From: Haykel BEN JEMIA
>> To: flexcoders@yahoogroups.com
>> Sent: Monday, September 26, 2011 1:40 PM
>> Subject: Re: [flexcoders] Restrict access to an API to only allowed applications
>>
>> Thanks Claudiu,
>>
>> I have found a PDF of the presentation and on page 4 it says the following about protecting sensitive data through embedding:
>>
>> * Most decompilers don’t look at embedded data.
>> * Given that SWF is an open file format, nothing is really stopping them from doing this in the future.
>> * Useful for quick/dirty storage of WebService credentials.
>>
>> So this is definitely better than storing the keys in plain text format, but still easy to crack.
>>
>> Any other suggestions.
>>
>> Thanks,
>>
>> Haykel Ben Jemia
>> Allmas
>> Web & RIA Development
>> http://www.allmas-tn.com
>>
>> On Mon, Sep 26, 2011 at 11:33 AM, claudiu ursica wrote:
>>
>> You can embed the keys instead of keeping them in plain sight.
>>
>> check this session I think you will find some useful stuff:
>> http://tv.adobe.com/watch/360flex-conference/encrypting-flex-protecting-revenue-by-andrew-westberg/
>>
>> C
>>
>> From: Haykel BEN JEMIA
>> To: flexcoders
>> Sent: Monday, September 26, 2011 12:00 PM
>> Subject: [flexcoders] Restrict access to an API to only allowed applications
>>
>> Hi,
>>
>> I'm looking for the best and most secure way to restrict access to a web API to only allowed applications. The best option I found is to use 2-Legged OAuth where applications would get a consumer key and a secret key. The problem here is that SWF files can be easily decompiled and the keys extracted. My questions here are:
>>
>> * Does anybody know a way to protect the keys?
>> * Is there another authorization mechanism that is better suited for such client applications in general (Flash, JavaScript ...)
>>
>> Thanks.
>>
>> Haykel Ben Jemia
>> Allmas
>> Web & RIA Development
>> http://www.allmas-tn.com

-- j:pn \\no comment
[flexcoders] Re: toggling checkbox's enabled field in datagrid
Oh my goodness, I promise I tried this before posting to the group, but I tried it again and it does work. Of course. Thank you so much!

Carrie

--- In flexcoders@yahoogroups.com, "turbo_vb" wrote:
>
> Have you tried this:
>
> -TH
>
> --- In flexcoders@yahoogroups.com, "carriecharp" wrote:
> >
> > I've inherited some code to update and I could use some help.
> >
> > I have an Advanced Data Grid where one column uses a custom checkbox component. It's very simple with the checkbox's selected field controlled by column's datafield, which is a Boolean named 'fired'.
> >
> > I want to have the checkbox enabled only in certain situations, dependent upon a second field, an int called 'type'. Basically, enabled = (type!=0).
> >
> > 'type' is a field in the grid's dataprovider and I want to set the enabled field in the declaration below but I can't figure out how to reference the 'type' field.
> >
> > Any guidance is appreciated!
> > Thanks, Carrie
> >
> > width="100%">
> > click="selected=data.fired=cb.selected;" width="15"/>
Re: [flexcoders] Restrict access to an API to only allowed applications
yeah you have just confirmed my 'fear' that for client applications there is actually no secure way to identify them because anything they include (data, algorithms etc.) can be cracked and the identification process can be reproduced. We can only try to make it as hard as possible.

Haykel Ben Jemia
Allmas
Web & RIA Development
http://www.allmas-tn.com

On Mon, Sep 26, 2011 at 1:35 PM, claudiu ursica wrote:
> The thing is that most client side apps implement security by obscurity which pretty much means that you will never be safe 100%, the only thing you do is not putting it in plain sight. So as you continue you add more levels of obscurity, but as said that will only make it harder, still not impossible, to crack. You can double/triple that by server side checks e.g. trusted ips, domains, user etc. Whenever the server feels like there is not enough trust it should deny the connection.
>
> Obviously the topic is large enough to tackle in just a couple of lines, hope this gives you a start ...
> C
>
> From: Haykel BEN JEMIA
> To: flexcoders@yahoogroups.com
> Sent: Monday, September 26, 2011 1:40 PM
> Subject: Re: [flexcoders] Restrict access to an API to only allowed applications
>
> Thanks Claudiu,
>
> I have found a PDF of the presentation and on page 4 it says the following about protecting sensitive data through embedding:
>
> * Most decompilers don’t look at embedded data.
> * Given that SWF is an open file format, nothing is really stopping them from doing this in the future.
> * Useful for quick/dirty storage of WebService credentials.
>
> So this is definitely better than storing the keys in plain text format, but still easy to crack.
>
> Any other suggestions.
>
> Thanks,
>
> Haykel Ben Jemia
> Allmas
> Web & RIA Development
> http://www.allmas-tn.com
>
> On Mon, Sep 26, 2011 at 11:33 AM, claudiu ursica wrote:
>
> You can embed the keys instead of keeping them in plain sight.
>
> check this session I think you will find some useful stuff:
> http://tv.adobe.com/watch/360flex-conference/encrypting-flex-protecting-revenue-by-andrew-westberg/
>
> C
>
> From: Haykel BEN JEMIA
> To: flexcoders
> Sent: Monday, September 26, 2011 12:00 PM
> Subject: [flexcoders] Restrict access to an API to only allowed applications
>
> Hi,
>
> I'm looking for the best and most secure way to restrict access to a web API to only allowed applications. The best option I found is to use 2-Legged OAuth where applications would get a consumer key and a secret key. The problem here is that SWF files can be easily decompiled and the keys extracted. My questions here are:
>
> * Does anybody know a way to protect the keys?
> * Is there another authorization mechanism that is better suited for such client applications in general (Flash, JavaScript ...)
>
> Thanks.
>
> Haykel Ben Jemia
> Allmas
> Web & RIA Development
> http://www.allmas-tn.com
Re: [flexcoders] Restrict access to an API to only allowed applications
Access should only be granted to applications approved by the team. At the beginning these will be our own applications but we want to approve apps from other developers in the future. Your suggestion works for web applications and we are planning to use it, but it can not be used for AIR applications.

Haykel Ben Jemia
Allmas
Web & RIA Development
http://www.allmas-tn.com

On Mon, Sep 26, 2011 at 4:04 PM, Alex Harui wrote:
> What kind of access to the web API are you trying to prevent? What configurations need to use the API? If the API doesn’t need to be used by other servers, I thought you could check the headers and make sure the API is being called from a client served from your domain and deny all others. I think that’s the point of crossdomain.xml.
>
> -Alex
>
> On 9/26/11 5:35 AM, "claudiu ursica" wrote:
>
> The thing is that most client side apps implement security by obscurity which pretty much means that you will never be safe 100%, the only thing you do is not putting it in plain sight. So as you continue you add more levels of obscurity, but as said that will only make it harder, still not impossible, to crack. You can double/triple that by server side checks e.g. trusted ips, domains, user etc. Whenever the server feels like there is not enough trust it should deny the connection.
>
> Obviously the topic is large enough to tackle in just a couple of lines, hope this gives you a start ...
> C
>
> From: Haykel BEN JEMIA
> To: flexcoders@yahoogroups.com
> Sent: Monday, September 26, 2011 1:40 PM
> Subject: Re: [flexcoders] Restrict access to an API to only allowed applications
>
> Thanks Claudiu,
>
> I have found a PDF of the presentation and on page 4 it says the following about protecting sensitive data through embedding:
>
> * Most decompilers don’t look at embedded data.
> * Given that SWF is an open file format, nothing is really stopping them from doing this in the future.
> * Useful for quick/dirty storage of WebService credentials.
>
> So this is definitely better than storing the keys in plain text format, but still easy to crack.
>
> Any other suggestions.
>
> Thanks,
>
> Haykel Ben Jemia
> Allmas
> Web & RIA Development
> http://www.allmas-tn.com
>
> On Mon, Sep 26, 2011 at 11:33 AM, claudiu ursica wrote:
>
> You can embed the keys instead of keeping them in plain sight.
>
> check this session I think you will find some useful stuff:
> http://tv.adobe.com/watch/360flex-conference/encrypting-flex-protecting-revenue-by-andrew-westberg/
>
> C
>
> From: Haykel BEN JEMIA
> To: flexcoders
> Sent: Monday, September 26, 2011 12:00 PM
> Subject: [flexcoders] Restrict access to an API to only allowed applications
>
> Hi,
>
> I'm looking for the best and most secure way to restrict access to a web API to only allowed applications. The best option I found is to use 2-Legged OAuth where applications would get a consumer key and a secret key. The problem here is that SWF files can be easily decompiled and the keys extracted. My questions here are:
>
> * Does anybody know a way to protect the keys?
> * Is there another authorization mechanism that is better suited for such client applications in general (Flash, JavaScript ...)
>
> Thanks.
>
> Haykel Ben Jemia
> Allmas
> Web & RIA Development
> http://www.allmas-tn.com
>
> --
> Alex Harui
> Flex SDK Team
> Adobe System, Inc.
> http://blogs.adobe.com/aharui
Re: [flexcoders] Restrict access to an API to only allowed applications
What kind of access to the web API are you trying to prevent? What configurations need to use the API? If the API doesn’t need to be used by other servers, I thought you could check the headers and make sure the API is being called from a client served from your domain and deny all others. I think that’s the point of crossdomain.xml.

-Alex

On 9/26/11 5:35 AM, "claudiu ursica" wrote:

The thing is that most client side apps implement security by obscurity which pretty much means that you will never be safe 100%, the only thing you do is not putting it in plain sight. So as you continue you add more levels of obscurity, but as said that will only make it harder, still not impossible, to crack. You can double/triple that by server side checks e.g. trusted ips, domains, user etc. Whenever the server feels like there is not enough trust it should deny the connection.

Obviously the topic is large enough to tackle in just a couple of lines, hope this gives you a start ...
C

From: Haykel BEN JEMIA
To: flexcoders@yahoogroups.com
Sent: Monday, September 26, 2011 1:40 PM
Subject: Re: [flexcoders] Restrict access to an API to only allowed applications

Thanks Claudiu,

I have found a PDF of the presentation and on page 4 it says the following about protecting sensitive data through embedding:

* Most decompilers don’t look at embedded data.
* Given that SWF is an open file format, nothing is really stopping them from doing this in the future.
* Useful for quick/dirty storage of WebService credentials.

So this is definitely better than storing the keys in plain text format, but still easy to crack.

Any other suggestions.

Thanks,

Haykel Ben Jemia
Allmas
Web & RIA Development
http://www.allmas-tn.com

On Mon, Sep 26, 2011 at 11:33 AM, claudiu ursica wrote:

You can embed the keys instead of keeping them in plain sight.

check this session I think you will find some useful stuff:
http://tv.adobe.com/watch/360flex-conference/encrypting-flex-protecting-revenue-by-andrew-westberg/

C

From: Haykel BEN JEMIA
To: flexcoders
Sent: Monday, September 26, 2011 12:00 PM
Subject: [flexcoders] Restrict access to an API to only allowed applications

Hi,

I'm looking for the best and most secure way to restrict access to a web API to only allowed applications. The best option I found is to use 2-Legged OAuth where applications would get a consumer key and a secret key. The problem here is that SWF files can be easily decompiled and the keys extracted. My questions here are:

* Does anybody know a way to protect the keys?
* Is there another authorization mechanism that is better suited for such client applications in general (Flash, JavaScript ...)

Thanks.

Haykel Ben Jemia
Allmas
Web & RIA Development
http://www.allmas-tn.com

--
Alex Harui
Flex SDK Team
Adobe System, Inc.
http://blogs.adobe.com/aharui
[flexcoders] Re: exclude certain classes from debugging session
Just use watch expressions to see only the items you are interested in.

--- In flexcoders@yahoogroups.com, Wouter Schreuders wrote:
>
> Hi All
>
> When debugging some code and stepping through or stepping over some code, is it possible to configure flex to not include certain classes in the debugging session or at least to entirely skip those classes from being included in the debugging session (but they still need to execute, just don't want to see it)
>
> The reason for this is that sometimes I'm stepping through some code and there are certain classes I just don't want to know about (for instance tweening classes or robotlegs)
>
> Anyone know if this is possible?
>
> Thanks
>
> Wouter
Re: [flexcoders] Restrict access to an API to only allowed applications
The thing is that most client side apps implement security by obscurity which pretty much means that you will never be safe 100%, the only thing you do is not putting it in plain sight. So as you continue you add more levels of obscurity, but as said that will only make it harder, still not impossible, to crack. You can double/triple that by server side checks e.g. trusted ips, domains, user etc. Whenever the server feels like there is not enough trust it should deny the connection.

Obviously the topic is large enough to tackle in just a couple of lines, hope this gives you a start ...
C

From: Haykel BEN JEMIA
To: flexcoders@yahoogroups.com
Sent: Monday, September 26, 2011 1:40 PM
Subject: Re: [flexcoders] Restrict access to an API to only allowed applications

Thanks Claudiu,

I have found a PDF of the presentation and on page 4 it says the following about protecting sensitive data through embedding:

* Most decompilers don’t look at embedded data.
* Given that SWF is an open file format, nothing is really stopping them from doing this in the future.
* Useful for quick/dirty storage of WebService credentials.

So this is definitely better than storing the keys in plain text format, but still easy to crack.

Any other suggestions.

Thanks,

Haykel Ben Jemia
Allmas
Web & RIA Development
http://www.allmas-tn.com

On Mon, Sep 26, 2011 at 11:33 AM, claudiu ursica wrote:
>
> You can embed the keys instead of keeping them in plain sight.
>
> check this session I think you will find some useful stuff:
> http://tv.adobe.com/watch/360flex-conference/encrypting-flex-protecting-revenue-by-andrew-westberg/
>
> C
>
> From: Haykel BEN JEMIA
> To: flexcoders
> Sent: Monday, September 26, 2011 12:00 PM
> Subject: [flexcoders] Restrict access to an API to only allowed applications
>
> Hi,
>
> I'm looking for the best and most secure way to restrict access to a web API to only allowed applications. The best option I found is to use 2-Legged OAuth where applications would get a consumer key and a secret key. The problem here is that SWF files can be easily decompiled and the keys extracted. My questions here are:
>
> * Does anybody know a way to protect the keys?
> * Is there another authorization mechanism that is better suited for such client applications in general (Flash, JavaScript ...)
>
> Thanks.
>
> Haykel Ben Jemia
> Allmas
> Web & RIA Development
> http://www.allmas-tn.com
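An added sketch, not code from the thread, of the server-side checks discussed in these replies (Claudiu's trusted-domain checks, Alex's header check, and Haykel's point that it cannot cover AIR). A simplified HMAC-SHA256 request signature stands in for 2-legged OAuth's consumer key and secret; the `Consumer` and `Gateway` names, keys, secrets and origins are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)


@dataclass
class Consumer:
    """Server-side record for one approved application (hypothetical schema)."""
    secret: bytes
    allowed_origins: set = field(default_factory=set)  # empty: desktop/AIR client
    revoked: bool = False


def sign(secret: bytes, method: str, path: str, ts: int, nonce: str) -> str:
    """Client-side signing. Anyone who holds the secret can compute this."""
    msg = "\n".join([method.upper(), path, str(ts), nonce]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class Gateway:
    def __init__(self, consumers):
        self.consumers = consumers
        self.seen = set()  # (key, nonce) pairs already accepted

    def check(self, req: dict, now: int) -> str:
        c = self.consumers.get(req["key"])
        if c is None or c.revoked:
            return "deny: unknown or revoked consumer key"
        if abs(now - req["ts"]) > MAX_SKEW:
            return "deny: stale timestamp"
        want = sign(c.secret, req["method"], req["path"], req["ts"], req["nonce"])
        if not hmac.compare_digest(want, req["sig"]):
            return "deny: bad signature"
        if (req["key"], req["nonce"]) in self.seen:
            return "deny: replayed nonce"
        self.seen.add((req["key"], req["nonce"]))
        # The Origin header is set by browsers, so this binds web-hosted
        # clients only; a key registered without origins (AIR) skips it.
        if c.allowed_origins and req.get("origin") not in c.allowed_origins:
            return "deny: origin not registered for this key"
        return "allow"


def make_request(key, secret, nonce, ts, origin=None):
    """Build a signed request dict (constructed sample input)."""
    return {"key": key, "method": "GET", "path": "/v1/items", "ts": ts,
            "nonce": nonce, "origin": origin,
            "sig": sign(secret, "GET", "/v1/items", ts, nonce)}


def demo():
    now = 1317040000  # constructed timestamp
    gw = Gateway({
        "web-app": Consumer(b"web-secret", {"https://app.example.com"}),
        "air-app": Consumer(b"air-secret"),
    })
    out = [
        # Legitimate web client served from the registered domain.
        gw.check(make_request("web-app", b"web-secret", "n1", now,
                              "https://app.example.com"), now),
        # Same secret reused from a page on another domain.
        gw.check(make_request("web-app", b"web-secret", "n2", now,
                              "https://other.example.net"), now),
        # AIR key: a valid signature is all the server can see.
        gw.check(make_request("air-app", b"air-secret", "n3", now), now),
    ]
    # The remaining control for a leaked desktop key is revocation.
    gw.consumers["air-app"].revoked = True
    out.append(gw.check(make_request("air-app", b"air-secret", "n4", now), now))
    return out
```

The third result is the thread's conclusion in code: for a desktop client the signature shows only that the caller holds the secret, so issuing one key per approved application and revoking it on abuse is what the server can still enforce.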
Re: [flexcoders] Restrict access to an API to only allowed applications
Thanks Claudiu,

I have found a PDF of the presentation and on page 4 it says the following about protecting sensitive data through embedding:

* Most decompilers don’t look at embedded data.
* Given that SWF is an open file format, nothing is really stopping them from doing this in the future.
* Useful for quick/dirty storage of WebService credentials.

So this is definitely better than storing the keys in plain text format, but still easy to crack.

Any other suggestions.

Thanks,

Haykel Ben Jemia
Allmas
Web & RIA Development
http://www.allmas-tn.com

On Mon, Sep 26, 2011 at 11:33 AM, claudiu ursica wrote:
> You can embed the keys instead of keeping them in plain sight.
>
> check this session I think you will find some useful stuff:
> http://tv.adobe.com/watch/360flex-conference/encrypting-flex-protecting-revenue-by-andrew-westberg/
>
> C
>
> From: Haykel BEN JEMIA
> To: flexcoders
> Sent: Monday, September 26, 2011 12:00 PM
> Subject: [flexcoders] Restrict access to an API to only allowed applications
>
> Hi,
>
> I'm looking for the best and most secure way to restrict access to a web API to only allowed applications. The best option I found is to use 2-Legged OAuth where applications would get a consumer key and a secret key. The problem here is that SWF files can be easily decompiled and the keys extracted. My questions here are:
>
> * Does anybody know a way to protect the keys?
> * Is there another authorization mechanism that is better suited for such client applications in general (Flash, JavaScript ...)
>
> Thanks.
>
> Haykel Ben Jemia
> Allmas
> Web & RIA Development
> http://www.allmas-tn.com
Re: [flexcoders] tv.adobe.com hacked??
I do get the same trailer and then the streaming just freezes... Weird.
[flexcoders] tv.adobe.com hacked??
The following course has been replaced by an ad for 'The Bourne Ultimatum'!! Hackers at work?

http://tv.adobe.com/watch/360flex-conference/encrypting-flex-protecting-revenue-by-andrew-westberg/

Haykel Ben Jemia
Allmas
Web & RIA Development
http://www.allmas-tn.com
Re: [flexcoders] Restrict access to an API to only allowed applications
You can embed the keys instead of keeping them in plain sight.

check this session I think you will find some useful stuff:
http://tv.adobe.com/watch/360flex-conference/encrypting-flex-protecting-revenue-by-andrew-westberg/

C

From: Haykel BEN JEMIA
To: flexcoders
Sent: Monday, September 26, 2011 12:00 PM
Subject: [flexcoders] Restrict access to an API to only allowed applications

Hi,

I'm looking for the best and most secure way to restrict access to a web API to only allowed applications. The best option I found is to use 2-Legged OAuth where applications would get a consumer key and a secret key. The problem here is that SWF files can be easily decompiled and the keys extracted. My questions here are:

* Does anybody know a way to protect the keys?
* Is there another authorization mechanism that is better suited for such client applications in general (Flash, JavaScript ...)

Thanks.

Haykel Ben Jemia
Allmas
Web & RIA Development
http://www.allmas-tn.com
[flexcoders] Restrict access to an API to only allowed applications
Hi,

I'm looking for the best and most secure way to restrict access to a web API to only allowed applications. The best option I found is to use 2-Legged OAuth where applications would get a consumer key and a secret key. The problem here is that SWF files can be easily decompiled and the keys extracted. My questions here are:

* Does anybody know a way to protect the keys?
* Is there another authorization mechanism that is better suited for such client applications in general (Flash, JavaScript ...)

Thanks.

Haykel Ben Jemia
Allmas
Web & RIA Development
http://www.allmas-tn.com