i am writing a flash app that receives its data over a XMLSocket. On the testmachine that worked really fine, but now the data will be ssl secured. Is there any XMLSSLSocket or something similar available? If not XMLSocket a normal SSLSocket would be a great help as well.
you have to use binary sockets and as3crypto: http://code.google.com/p/as3crypto/
The opensource Forge project that does SSL/TLS in JavaScript and raw sockets via Flash might help:
http://github.com/digitalbazaar/forge/blob/master/README
Related
I don't see why not!
Has somebody implemented this so far? Any links?
If not, I will! :-D
Yes. There is a Socket API that could be a Websockets client. Also check out Kaazing - a Websocket server with a Flex client library.
Yes. look at GraniteDS, if your backend is in Java. It has everything you need. There is also an example application showing chat using webscoket.
Is it possible to use XMPP for a desktop sharing application ? is there any inconvenience ?
Technically, I guess it is possible to send the right information across. XMPP is called extensible because in a way it is. Basically XMPP allows you to send arbitrary XML to a receiver without the server needing to be configured to "accept that data". Only your clients need to be aware of it. It is not technically necessary to make/use an official extension.
What you would do would be to encapsulate VNC or RDP packets into the XML payload of the xmpp messages. Probably encoding it in a CDATA section (most efficient). The main problem that you might have is latency caused by the messaging to be routed via the server.
#dtb empathy/vino can do it on Linux with Telepathy
Yes, there is such application: http://sourceforge.net/projects/remotevnc/
There is no official protocol extension (XEP) for desktop sharing over XMPP,
and I'm not aware of any application offering desktop sharing over XMPP.
Yes it is! XMPP is an easy and extensible protocol, there are plenty of libraries to work with.
Major considerations would be:
Port and firewalls. Are any of the PC's locked down?
Application permission. Do you need to run the client app with elevated privs to access functionality, like remote control and device accesibility?
Multi-user. XMPP has group chat functionality, will that be used?
Robust. You can send offline messages.
If you don't need remote-control functionality, but just an app to share a whiteboard, text editor or such, then it should work fine.
For sharing command-line of the Linux operating system trough xmpp you can use:
pigterm.sf.net
It also supports encryption.
Greetings. I'm planning on building a Flex based multiplayer game, and I'm researching what will be required for the server end. I have PHP experience, so I started looking at ZendAMF.
Now in this game, I'll need the concept of rooms, and real time updates to clients in those rooms, so it looks like I'll be using remote shared objects (correct, yes?). I'm not seeing where ZendAMF can support this.
So I found this page: http://arunbluebrain.wordpress.com/2009/03/04/flex-frameworks-httpcorlanorg/
It seems to indicate that ZendAMF isn't going to do what I want. WebORB for PHP seems to be the only PHP based solution that does messaging, but on that page it doesn't mention "real-time" next to it like the Java based ones below it do.
What should I be looking at for the server piece with my requirements? Do I need to make the jump to something like BlazeDS and try to pick up a bit of Java knowledge?
Thanks.
I'd highly reccommed flash media server if you have the cash.
I've had good expereince with it in the past
Both ZendAmf and weborb use http long pulling. Think of it as pinging to check for updates. If you really need TRUE realtime push notification then PHP will not be your answer due to it not having threads or long running processes. WebOrb has several servers in other languages along with BlazeDS, RubyAMF, PyAmf, and of course LCDS from adobe that allows for true messaging.
I think you already know the answer, but for other people looking into this as well:
All *AMF solutions use HTTP as transfer protocol and can't have permanent connection. AMF is sent encoded through HTTP and then it's closed.
When you want to use "real" real-time (RTMP,RTMPT), you have choices like:
opensource: Red5 (Java), BlazeDS (Java), FluorineFX (.NET)
commercial: Wowza Media Server (Java), WebORB (.NET and Java)
I'm in the process of building a test plan for validating the security of our Flex/J2EE application. I believe we have some issues with trusting the Flex application too much, but I need to be able to quantify those issues.
The ideal way would be a way to show me making data service calls outside of the application. Are there tools or instructions for how one might go about doing this? I really don't want to find these things out after we release to our beta customers. :)
Charles is an excellent HTTP debugging proxy which can parse AMF data and display it as a tree. You can also set "breakpoints" to intercept a HTTP call and modify the AMF data in either the request or response.
http://www.charlesproxy.com/
Fiddler on Windows is great for monitoring http connections.
First, give the port on which Flex communicates to the J2EE server, then using Ethereal or Wireshark you can watch if it use an encrypted channel :-)
What is a good strategy for sniffing/tracing function calls between a Flex application and a ColdFusion-based backend running on ColdFusion server? I understand they use AMF protocol.
I'm used to using Fiddler to sniff transactions between HTTP clients and servers, and it works great as long as you're using plain text or XML HTTP requests and responses (including those over SSL) but it isn't much help for binary protocols like AMF over HTTP.
In my case, I do have access to the source code for the client and server, but I'm looking for an easy way to passively sniff traffic in any Flex + ColdFusion situation, without having to tweak anything on the server.
Wireshark: sniffing the glue that holds the internet together
http://www.wireshark.org/
http://www.charlesproxy.com/
Although not free, will decode AMF binary data and allows to trace SSL connections too.
ServiceCapture is another option. It decodes the binary AMF for you, if I remember correctly.
http://kevinlangdon.com/serviceCapture/
Firebug with the Flashbug plugin will show all decoded AMF messages both to and from a Flash app. Works well over HTTPS too.
https://addons.mozilla.org/en-us/firefox/addon/amf-explorer/.
The simple and poor man's trick. Create one cfc to log calls to the different cfc's and pages as you need. Dump it all to a table. Filter and sort at will. I have done this in the past and it has worked great. It's like putting in little fish hooks anywhere you want to know. This would likely give you the most application relevant data. If you need an example let me know.
ditto for wireshark (the artist formerly known as Ethereal). you can sniff at every protocol layer, and stitch together traffic streams.