When using FileReference.download() to retrieve a file from a server, I'd like to give the user the option to open the associated application directly rather than having to save it to disk first.
Is this possible in Flex 3? And, if so, how is it done!
Thanks,
Mark
ps. I've tried doing URLLoader.load(URLRequest) also, but no dice...
navigateToURL(urlReq, "_blank") works in most cases, but do not open Excel, CSV files(MS office apps) in IE 7 and older versions.
Nope, you can't do that unfortunately. My guess is that this is due to security restrictions.
From a web application this is most certainly not possible. It might be possible from an AIR application by asking the operating system to handle the opening of the file and leave it at that. Windows and OS X should be able to handle it gracefully.
Why Adobe restricts such actions from web applications makes sense. It would be a glaring oppurtunity for anyone to create a regular site with a flash app that downloads and runs a virus without the user actually knowing anything about it.
Related
I know I cannot access environnment variables directly in Flash.
My project is a local swf file, run from flash player and not through browser.
The goal is to protect the SWF to be played from an unauthorized PC.
(this is my client requirements).
My idea was to embed it into an EXE (made in Delphi for instance) as activeX.
I am not sure it is the best solution.
I think AIR is even more complex to be done.
Besides, how to forbid the access of the SWF directly ?
Maybe embedding the swf any way ?
Any suggestions, tips are welcome.
regards
I'm going to preface this by saying that I don't think there's a 100% way to stop unauthorised access - if there was, there'd be no such things as pirated copies of windows, or flash. The best you can do is make it hard to hack.
Some suggestions:
You can actually access environment variables, by calling an external process in AIR, using NativeProcess (this link has a quick writeup: http://www.tikalk.com/js/get-windows-environment-variables-air-application) - but it's trivial to hack the .bat or add the env var
You can implement your own serial key system and give out keys to legitimate users. It would ideally need to be verified by a server call
You can code a "phone-home" server call - the app won't work without it. How you identify your users is really up to you; you could try via IP, but it's not perfect
You could disable local execution (check out SecureSWF), and run it online, behind a login wall
You could disable local execution, and run it via an intranet, so people in a company can use it, but not the general public
Depending on your app, on startup, you can download necessary files (content) from the web. This can either necessitate a login, or you can block unauthorised IPs. This is how Ubisoft DRM works on some of their games.
In a similar vein, you can download other SWF files that contain the actual logic of your application. These SWFs would only be stored in memory, never saved to disk
With all of these, the app can eventually be hacked open and modified (e.g. your server-check code could be removed, so the phone-home never happens). At the very least, run your SWF through something like SecureSWF (http://www.kindi.com/) to obfusticate the code before any public release.
It all comes down to how much effort you want to put into tackling the issue. For all the of suggestions that involve the internet, if the network is down, you won't be able to use your app, which understandably will cause frustration. For all of the suggestions that don't involve the internet, you will never know if it was successful or not.
I have been told that I need to create a way for users to copy and paste files in to a website. The requirement is that it can not be flash but it can be Silverlight. It is ok if it is Windows/IE only, and it can not be drag and drop (that would be way too easy, right?), it has to be pasting files.
I'm fairly certain this can not be done. One of the developers here said there must be a way since Sharepoint does it, but I believe they're using the Windows Explorer COM object for that. If that's true the user would have to have some sort of network access to the folder and it is probably crawling with security considerations.
Any ideas on how to support pasting of files in the browser without flash?
Well... In Silverlight 4 you could look into the Clipboard object, but I can tell you it only supports text.
You have the Silverlight 4 tag on this question, so I will say I'm pretty sure it's not possible yet.
If I were you I would make a list of all the client-side technologies that are acceptable: Silverlight, Flex, etc and research each one. But those smart client technologies generally don't allow that kind of access for security reasons.
Worst case, you could always build a COM object. :)
I have a feeling this cannot be done with anything other than the likes of flash/silverlight due to security restrictions.
Telerik do a silverlight one... http://www.telerik.com/products/silverlight/upload.aspx
And I guess you could develop your own.
I've got a crossdomain.xml file which allows SWFs running on only a certain few domains to download resources from my domain. However, one simple way around this is for a user to download the SWF to their local machine, and run it there (i.e. by double-clicking on it within Windows Explorer, not by running through http://localhost). It seems that when this happens, the crossdomain.xml file is ignored.
I understand that in my actionscript, I can do this:
if (Security.sandboxType.indexOf(Security.REMOTE) == -1)
// running locally - don't allow
However it is incredibly easy for someone to decompile the SWF and simply remove this line.
Is it possible to do something on the server side to stop a locally running SWF to download from my site? I tried checking the referrer but this field often isn't populated. Does anyone have any other ideas?
Thanks, Matt
You will never be able to completely prevent downloads by using crossdomain.xml. If the user just copies and pastes the requested URL to a resource into a blank browser window, the mechanism stops working. Also, the mechanism can be cheated by using a proxy. All it does is raise the bar a little, especially when someone tries to use an SWF video player to stream an FLV video hosted on your site.
If protecting your resources is worth the effort, you should consider adding some sort of authentication / authorization mechanism and/or encryption.
Double Clicking and running a SWF will usually only work if you have a stand alone player installed, otherwise it will open w/ a browser. Does Adobe distribute a stand alone player outside of Flash Pro? They didn't used to, although with Flash Platform Tools growing, they may do so now.
Nevertheless, I would expect most users will not have a stand alone player installed. In terms of security and protecting content, I suspect you're focusing on the wrong thing.
I am going to develope a module in ASP.Net. In this module I want to get the list of drives of the local system where this page is displaying. I have already tring with System.IO.... etc. but it gives me the server drives.
I want to get the list of LOCAL drive where page is displaying on server drives.
Thank you.
Do you mean the client's computer's drives?
That is not possible.
EDIT: However, it is possible with ActiveX or a browser plug in.
This absolutely cannot be done with neither server-side ASP.NET, nor with client-side JavaScript. You can try writing an ActiveX "control" (or how are these called?) or Java applet.
Fortunately you can not do that.
This is impossible, since your ASP.Net code runs on the server. The client only sees the rendered page (HTML and javascript).
Remember: your C# or VB.Net code runs on the server for the explicit purpose of sending html/javascript to the client browser. It does not get to peek directly at the "local" system, and the only thing the "local" system knows about is the html/javascript rendered on the server. That's just how the web works.
Furthermore, javascript runs in a sandbox that does not include any way to enumerate the local drives. This is by design.
So the only way to do this is via plug-in like flash, silverlight, or activex.
You can write a .NET control which is downloaded from your website to the clients' PC and looks at the drives there. As this could be abused (you could steal the users' files) you will have to convince the user to download the control in the first place. Look here for more info:
ClickOnce Deployment overview
I am working on an ASP.Net application and I want users to be able to take a picture with their local webcam and then upload it to the server.
I can, of course, rely on users doing this manually via their locally installed software, save the image as a file and do a normal file upload. However, what I really want to do is incorporate it all into a UI in the browser.
I know this means accessing local resources so do I need an ActiveX control or Silverlight or is there something I could do in Javascript for example?
This is initially intended for an Intranet app so I can have control of the client's environemnt, including stipulating the browser etc, which means I can use an ActiveX control if I have to. However, it would be nice if I could write this in a generic way so it could be used in an internet app generally (happy to stipulate that it only works on Windows clients but would be good to get it to work in FireFox).
Thanks.
The only acceptable and universal way to this for now is Flash/Flex application. Flash player presets literally in every browser in the world and all of them has such capability.
VideoCap Pro is quite popular, and it offers an ActiveX version, have you checked it out?
This sounds very suspicious to me. You realize the nefarious applications this could be applied to, right? A web page that when a user browses to it, unknownst to them, their webcam snaps a pic of them. ... I don't like it.
You could use the Nimbb API to do the webcam video recording inside a browser.
It is possible to get the image from client webcam in asp.net, you have to install the Silverlight 4 with Visual Studio 2010:
Go to following link:
http://wildermuth.com/2009/11/23/Taking_a_WebCam_Photo_with_Silverlight