I need to send files securely from Adobe Air. In any other language, my first thought would be sftp/scp, but I don't see any libraries to do that in Flex.
I'm new to flex, so I'm not sure where to look for code examples and repos. It looks like the raw socket interface is available, so I could write one if no good examples exist. Of course, I'm trying to avoid that.
There was an action script ftp project, but it seems to be no longer maintained. You can take a look here, maybe you can reuse some code.
Related
I'm writing a web app in Scala using the Play framework. I'd like to be able to push some binary data to my web server from another machine I'm using to do number crunching. I'd like to do this over http. Can anyone suggest the best way to do each side? Ideas that have occurred to me so far are:
Send the data up as a file upload via the usual play form processing. Nice on the (web) server side, but I'm not sure what libraries to use for pushing the data up from the (number crunching) client. In C/C++ I'd consider using Curl.
Send the data up as raw POST with the binary attached and encoded appropriately. Not sure how to do either side.
I've done each of the above on several occasions in Python and C++ (although not recently enough to remember how!), but am not a web dev (but a more general sw engineer) and have only ever had control of one side before - so have no idea what the best way to do this is.
Any thoughts appreciated.
Alex
It depends what platform (and language) you're already using for the number-crunching client part. If that 'client' is also using the Play framework (or at least has access to the libraries), then there are some very helpful tools for accessing web services; (see here also).
As SWFs are notoriously easy to decompile, If I am distribution SWF with secure keys inside or some valuable peace of code, how should I secure it?
EDIT:
I think it is very easy to decompile SWF because it is byte coded to SWF and then jitted to run. This same happens with Java compilation and execution. Does this mean even java codes are not secure enough?
Why, then, Java is far more trusted and reliable and SWF is not considered secure anywhere?
The short answer is DON'T do that. Even with code obfuscation, or storing data in a byte array, there is NO WAY to prevent someone who is determined (and able) from getting anything and everything from your source.
What type of secure key are you trying to put into your swf? What will it be used for?
Key theft is probably out. If someone is dedicated to it, they will find a way, despite obfuscation, to get at the key.
Code protection & IP is another matter. Here obfuscation and "encryption" (i.e. whatever is done to prevent decompilers from functioning properly) are valid methods. If your code is sufficiently obfuscated it would be very hard for competitors to steal it or to learn too much about your code's internals. It's just not feasible. Heck, trying to learn someone else's code is hard enough as it is, and so trying to decipher code that looks like loc_12312++; if (loc_23423) loc_4345(); is just not worth anybody's time.
I strongly recommend that if you care about the IP in your application's design and internal workings, you use a tool like SecureSWF to obfuscate the code as much as you can. Unlike with license keys, here the protection isn't as weak as its weakest link - the more you obfuscate the harder you make it to steal your IP.
Edit
My experience with Flex obfuscation tools is that you have to tweak the obfuscation quite a lot to get what you need. Simply telling the obfuscation software to rename all variables, classes, etc. is bound to break your application, unless it's really really simple. So you have to choose which packages and classes to obfuscate and tweak various other parameters in order to get a working application.
Once it's obfuscated though, it's pretty hard to decipher, in my opinion. Here's a sample, just to get a perspective:
I'd rethink what you're putting in the SWF. But that said, if you see no other options, NitroLM has a SWF encrypter which allows you to encrypt the SWF. Sharify is an alternative service.
In theory you could write your own mechanism for encrypting a SWF and your own "EncryptedSWFLoader." Of course, I suspect that any key in the SWF will most likely be something you need to send back to a server; and having someone sniff the packets--with a tool such as ServiceCapture or Charles--is more likely to be a source of "key leakage" than decrypting the SWF.
You won't get real security, but to make decompilation a little harder, use a code obfuscation tool, like doSWF, and/or store important data as byte array.
Edit: Ignore this answer: didnt spot the 'distributing' part **
If run from a webserver you can store your secure key in a text file, and read this text file into the swf from an assets folder (using urlLoader). People wont be able to get to the assets if you dont set public permissions, and the decompiled swf wont have that value (will just have a variable name).
How is it being distributed?
Let me start off by stating that I am a novice developer, so please excuse the elementary nature of my question(s).
I am currently working on a Flex Application, and am getting more and more confused about when to use server side scripting, and when to develop web services. For most of the functionality I am working on, I am taking various files from the user (client), uploading to the server for processing/conversion, then sending back to client in new format.
I am accomplishing most of this using asp.net generic handlers (ashx) files, but not very confident this is best practice. But at the same time, does making web services make any more sense? What would be considered best practice for this? Any suggestions would be greatly appreciated.
The way I look at it is as follows:
Web Services mean Established Best Practice.
For most of our development, we don't need to create "Web Services", or what I'm thinking when I think REST, SOAP, and the Twitter API. You only need to start doing that once you've got something you're going to be using every day for years.
Clean and DRY code will Lead you to Creating a Web Service
If you spend the time to clearly define the parts of your upload-process-render Architecture, and you find that it can be applied to almost everything you are doing, then all you need to do to make it a Web Service is define a clear, 1-2-3 set of rules for using the system (GET/POST data, etc.). As long as you are consciously building an architecture the whole way, you'll end up creating a Web Service if it's worthy. Otherwise there's no need.
It sounds like you have a clear workflow going, I don't know anything about asp.net though.
As far as it being confusing sometimes, and best practices, I suggest the following:
Create a Flex Library Project for your "generic ashx file handling" Flex classes. Give it a cool, simple name.
Create a .NET Library Project that encapsulates all the logic for your server-side file processing. Host it online and make it open source. I recommend github. Test it as you go, and document it, its purpose and the theory behind it.
If you don't have to do anymore work at this point, and it's just plug and chug, then you've probably arrived at something that might become a Web Service, though that's probably a few years down the road.
I don't think you should try to create a Web Service right off the bat. Just make some clean and reusable code, make a few examples, get it online and open source, have others contribute and give feedback, and if it solves a specific problem, then make it a web service. You can just use REST for now probably, and build your system around that. RestfulX is a great library for that.
Best,
Lance
making web services without any sense make no sense ;)
Now in the world of FLEX as3 with flash version 10, you can easily read local files, modify them with whatever modifcation algorithm and save local files without pinging server.
You only have to use webservices if you want to get some server data or to send some data to server. that's all.
RSTanvir
Flash / Flex uses a simple HTTP POST approach for file uploads, so trying to do that using SOAP web services will be problematic. Your approach of using ASHX here sounds reasonable to me.
To send / receive data that isn't file based (e.g. a list of files the user has uploaded previously), I would recommend looking at the open source Fluorine FX library. Fluorine uses AMF which is a highly performant way of doing data transfer with Flash. It's also purely configuration-based, which means you don't need to code against any of its APIs, just configure Fluorine to expose your .NET service classes. You could easily add attributes to those same classes to expose them as SOAP web services via WCF if you need that in the future. I would not recommend using SOAP with Flex however, due to the performance losses and also because the Flex implementation of SOAP has a history of bugs and interoperability problems.
I'm about to start a project where there will be a Flash application where the visitor customizes a profile with externally loaded images and texts. Then the visitor needs to be able to download that profile as a dynamically created swf with all that external content baked into the swf.
Any ideas how to achive this?
Thank you!
Which aspect are you curious about? The overall workflow of setting up the server-side architecture? Information on tools that can generate SWFs? Or information on the SWF format itself?
As for tools, here are a few options off the top of my head:
The Flex SDK (i.e. mxmlc) will compile a pure AS3 project with embedded assets. If you've got reasonable control over the server, and don't mind a relatively heavyweight approach, that's probably the most "supported" way to go.
SWFMill (http://www.swfmill.org) has its own XML format for generating SWFs and importing assets. It's not quite up-to-date on newer SWF formats, but that may not matter depending on the requirements.
www.swftools.org has a few things that may be useful.
haxe.org has several options for generating SWFs.
If your question is about generating the format from scratch, all those projects are open-source, and personally, I've found the haxe sources to be the easiest reading. The library you want is http://code.google.com/p/hxformat/. Taking a look at the swf format spec might be helpful as well: www.adobe.com/devnet/swf/.
Or were you looking for more step-by-step detail?
(note: sorry for the lack of active hyperlinks, apparently the system doesn't believe I'm human yet :)
I believe you would have to create the SWF on the server side and then either
1) provide the user with a URL
or
2) dynamically load it in to your application and use it as the target for a button click, or something like that.
There are a number of ways to create SWFs on the server, but that's an area outside of my experience. Maybe someone else can post some better information on it, but here's a link to one approach, to get you started.
http://www.sephiroth.it/weblog/archives/2006/02/swf_server_side_compiler_with.php
Ok, this may seem like a stupid question (for Flash Developers) but I really can't figure this out.
So, I want to create somekind of an API for Flash/Flex applications so a user can use my lib in order to connect to my WebOrb Rails server.
I don't have any problem with the rails part but things get a little bit difficult with the flash part.
So, I saw from the example that Flex is using the RemoteObject to connect/retrieve data.
The question is how can I create a Flash file that connects/retrieves data from WebOrb (i couldn't find the RemoteObject - is an include I should make?).
If that is not possible, can I create some sort of library in Flex, that can be linked in Flash in order to achieve the same result?
Thx
What you're looking for is most likely the NetConnection Actionscript class. Depends on the format of your API though. If it's just XML over HTTP, you could easily just use the URLLoader class as well.
NetConnection
link text
URLLoader
link text