It would seem to be alright.
If the computer opening the socket is accepting messages from Flash, why would the FlashPlayer care about that? It cannot possibly tell if the person who wrote the server application at the other end of the socket has compromised the server. The server administrator is letting the socket be opened, so once again, why should the FlashPlayer care?

The fact that the server is 127.0.0.1 and the server administrator is the same person driving the browser should all be lost on Flash.
Flash did not break the user's security.
The user did when the socket was opened up. Anyone who can get to that socket can do whatever the socket allows.
On a LAN, this will be fun for hackers.

Ron


Lance Massey wrote:
I have an application on my computer which is simply a socket listening for a connection on "127.0.0.1" port 5824.

So, in AS3 I created a swf with the following code

var sock:XMLSocket = new XMLSocket();
sock.connect("127.0.0.1",5824);

and uploaded it to my server.


Now, when I go to the web page where I uploaded the .swf, it connects to the socket in my local application -- giving me the ability to issue commands from Flash to the local machine. Repeat: the swf is running from the web server, not in the Flash sandbox...

Is that correct? Or if I do try to create some Flash->localhost hybrid, will I get bitten by some sandbox/security issue in the future?


_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
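
Added example, not part of the original thread: a sketch of a local listener on the port from the question that does not trust a client merely because it could connect, which is the exposure the reply describes. The per-run token (assumed to reach the trusted client out of band), the `<token> <command>` wire format, the command names and all function names are assumptions made for illustration.

```python
import hmac
import secrets
import socket
import threading

# Constructed allow-list: fixed replies only, nothing is passed to a shell.
ALLOWED_COMMANDS = {"PING": "PONG", "STATUS": "OK"}

def handle_line(line: str, token: str) -> str:
    """Assumed wire format: '<token> <command>'. Refuse everything else."""
    # XMLSocket terminates each message with a zero byte, so strip that too.
    supplied, _, command = line.strip("\r\n\0 ").partition(" ")
    if not hmac.compare_digest(supplied.encode(), token.encode()):
        return "DENIED"
    return ALLOWED_COMMANDS.get(command, "UNKNOWN")

def start_listener(port: int = 5824):
    """Bind to loopback only and mint a per-run token for trusted clients."""
    token = secrets.token_hex(16)
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", port))  # never 0.0.0.0: keeps the LAN out
    server.listen(1)
    return server, token

def serve_once(server: socket.socket, token: str) -> None:
    conn, _ = server.accept()
    with conn:
        conn.settimeout(2.0)
        data = conn.recv(1024).decode("utf-8", "replace")
        conn.sendall(handle_line(data, token).encode() + b"\n")

def ask(port: int, line: str) -> str:
    with socket.create_connection(("127.0.0.1", port), timeout=2.0) as c:
        c.sendall(line.encode() + b"\0")
        return c.recv(1024).decode().strip()

def demo() -> list:
    server, token = start_listener(port=0)  # 0 = any free port for the demo
    port = server.getsockname()[1]
    replies = []
    for line in ("PING", "guess PING", f"{token} PING", f"{token} SHUTDOWN"):
        worker = threading.Thread(target=serve_once, args=(server, token))
        worker.start()
        replies.append(ask(port, line))
        worker.join()
    server.close()
    return replies

if __name__ == "__main__":
    print(demo())
```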

