RE: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default Application

2008-04-18 Thread Zoltan Csibi 
Hi Jim, 

Yes there are 3 dlls included (simply added to the air project). The
communication is via localconnection, the app checks if it can connect and
if the dlls are there the app will get access automagically  to the api
provided (the "api" is specially written native COM libraries).
I am going to post part2 with more details later.

Zoli



-Original Message-
From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On
Behalf Of Jim Hayes
Sent: Friday, April 18, 2008 5:48 AM
To: flexcoders@yahoogroups.com
Subject: RE: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default
Application

Zoli, I am impressed!
So I guess you included those 2 dlls in the air file, and found some way to
call them?
How? 
Are you going to let us know?



-Original Message-
From: flexcoders@yahoogroups.com on behalf of Zoltan Csibi
Sent: Fri 18/04/2008 03:13
To: flexcoders@yahoogroups.com
Subject: RE: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default
Application
 
A little AIR pollution here: http://blog.fluorinefx.com/ (windows only, not
tested on all versions)
 
Zoli
www.fluorinefx.com

  _  

From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On
Behalf Of Battershall, Jeff
Sent: Wednesday, April 16, 2008 9:21 PM
To: flexcoders@yahoogroups.com
Subject: RE: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default
Application



Understandably Adobe is feeling rather conservative about this sort of
thing. The last thing we as developers would want is an abuse of the AIR
runtime which sullies its reputation. So we're getting a certain sandbox to
play in. 

However, opening a document file such as a word doc, pdf or excel
spreadsheet is a normal every day activity. The OS and the user already have
responsibility to ensure that they are not accessing malicious content. IMO,
letting AIR have a somewhat larger sandbox by passing to the OS a request to
open files would be a huge step forward and make the user experience
significantly better.

For example, the AIR application I just built downloads data entitlements to
a user's machine. Once downloaded, the user needs to navigate to that
directory using the OS to open the files. It would be nice to not requre all
that additional work on the part of the user.

Jeff

-Original Message-
From: [EMAIL PROTECTED] <mailto:flexcoders%40yahoogroups.com> ups.com
[mailto:[EMAIL PROTECTED] <mailto:flexcoders%40yahoogroups.com> ups.com]
On Behalf Of aphexyuri
Sent: Wednesday, April 16, 2008 12:50 PM
To: [EMAIL PROTECTED] <mailto:flexcoders%40yahoogroups.com> ups.com
Subject: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default
Application

Jeff,
We've been looking into it as well. Maybe the following links could give you
some more help:
http://www.mikecham
<http://www.mikechambers.com/blog/2008/01/17/commandproxy-net-air-integra>
bers.com/blog/2008/01/17/commandproxy-net-air-integra
tion-proof-of-concept/

and

http://www.mikecham
<http://www.mikechambers.com/blog/2008/01/22/commandproxy-its-cool-but-is>
bers.com/blog/2008/01/22/commandproxy-its-cool-but-is
-it-a-good-idea/

It's a long shot & a workaround...something adobe really needs to address
soon!

--- In [EMAIL PROTECTED] <mailto:flexcoders%40yahoogroups.com> ups.com,
"Battershall, Jeff"
<[EMAIL PROTECTED]> wrote:
>
> Steve,
> 
> In the scenario I'm envisioning, I am not thinking that AIR would be 
> starting the program itself but the OS would, as it would in response 
> to a double click on a file name in Windows Explorer. But if it can't 
> be done, it can't be done.
> 
> Jeff
> 
> -Original Message-
> From: [EMAIL PROTECTED] <mailto:flexcoders%40yahoogroups.com> 
> ups.com
[mailto:[EMAIL PROTECTED] <mailto:flexcoders%40yahoogroups.com> ups.com] 
> On Behalf Of Cutter (Flex Related)
> Sent: Wednesday, April 16, 2008 10:32 AM
> To: [EMAIL PROTECTED] <mailto:flexcoders%40yahoogroups.com> ups.com
> Subject: Re: [flexcoders] AIR: Forcing a file to be opened By OS 
> Default Application
> 
> 
> According to a talk that Ben Forta gave here in Nashville, not long 
> before product launch, the AIR sandbox strictly prohibits access to 
> other programs on a system.
> 
> Steve "Cutter" Blades
> Adobe Certified Professional
> Advanced Macromedia ColdFusion MX 7 Developer 
> _ http://blog.
<http://blog.cutterscrossing.com> cutterscrossing.com
> 
> 
> 
> 
> --
> Flexcoders Mailing List
> FAQ: http://groups.
<http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt>
yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
> Search Archives: 
> http://www.mail-
<http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo>
archive.com/flexc

RE: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default Application

2008-04-17 Thread Zoltan Csibi 
A little AIR pollution here: http://blog.fluorinefx.com/ (windows only, not
tested on all versions)
 
Zoli
www.fluorinefx.com

  _  

From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On
Behalf Of Battershall, Jeff
Sent: Wednesday, April 16, 2008 9:21 PM
To: flexcoders@yahoogroups.com
Subject: RE: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default
Application



Understandably Adobe is feeling rather conservative about this sort of
thing. The last thing we as developers would want is an abuse of the
AIR runtime which sullies its reputation. So we're getting a certain
sandbox to play in. 

However, opening a document file such as a word doc, pdf or excel
spreadsheet is a normal every day activity. The OS and the user already
have responsibility to ensure that they are not accessing malicious
content. IMO, letting AIR have a somewhat larger sandbox by passing to
the OS a request to open files would be a huge step forward and make the
user experience significantly better.

For example, the AIR application I just built downloads data
entitlements to a user's machine. Once downloaded, the user needs to
navigate to that directory using the OS to open the files. It would be
nice to not requre all that additional work on the part of the user.

Jeff

-Original Message-
From: [EMAIL PROTECTED]  ups.com
[mailto:[EMAIL PROTECTED]  ups.com]
On
Behalf Of aphexyuri
Sent: Wednesday, April 16, 2008 12:50 PM
To: [EMAIL PROTECTED]  ups.com
Subject: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default
Application

Jeff,
We've been looking into it as well. Maybe the following links could give
you some more help:
http://www.mikecham

bers.com/blog/2008/01/17/commandproxy-net-air-integra
tion-proof-of-concept/

and

http://www.mikecham

bers.com/blog/2008/01/22/commandproxy-its-cool-but-is
-it-a-good-idea/

It's a long shot & a workaround...something adobe really needs to
address soon!

--- In [EMAIL PROTECTED]  ups.com,
"Battershall, Jeff"
<[EMAIL PROTECTED]> wrote:
>
> Steve,
> 
> In the scenario I'm envisioning, I am not thinking that AIR would be 
> starting the program itself but the OS would, as it would in response 
> to a double click on a file name in Windows Explorer. But if it can't 
> be done, it can't be done.
> 
> Jeff
> 
> -Original Message-
> From: [EMAIL PROTECTED]  ups.com
[mailto:[EMAIL PROTECTED]  ups.com] 
> On Behalf Of Cutter (Flex Related)
> Sent: Wednesday, April 16, 2008 10:32 AM
> To: [EMAIL PROTECTED]  ups.com
> Subject: Re: [flexcoders] AIR: Forcing a file to be opened By OS 
> Default Application
> 
> 
> According to a talk that Ben Forta gave here in Nashville, not long
> before product launch, the AIR sandbox strictly prohibits access to 
> other programs on a system.
> 
> Steve "Cutter" Blades
> Adobe Certified Professional
> Advanced Macromedia ColdFusion MX 7 Developer 
> _ http://blog.
 cutterscrossing.com
> 
> 
> 
> 
> --
> Flexcoders Mailing List
> FAQ: http://groups.

yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
> Search Archives: 
> http://www.mail-

archive.com/flexcoders%40yahoogroups.comYahoo! Groups 
> Links
>



--
Flexcoders Mailing List
FAQ: http://groups.

yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives:
http://www.mail-

archive.com/flexcoders%40yahoogroups.comYahoo! Groups
Links

RE: [flexcoders] AS3 code obfuscators

2007-01-18 Thread Zoltan Csibi 
what? :))
 

Mit freundlichem Gruß,

Zoli

 

  _  

From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On
Behalf Of Igor Costa
Sent: Friday, January 19, 2007 1:26 AM
To: flexcoders@yahoogroups.com
Subject: Re: [flexcoders] AS3 code obfuscators



Daniel

The goal to create Bests RIA isn't in obfuscated the Code in Client side but
do much more in server-side, I belive it's the best obfuscators that exists.


Best.



On 1/18/07, Daniel Wabyick <[EMAIL PROTECTED] 
com> wrote: 


Does anyone know of any AS3 code obfuscators out there?

Thanks,
-D








-- 

Igor Costa
www.igorcosta.  org
www.igorcosta.  com
skype: igorpcosta

RE: [flexcoders] AMFPHP & Security

2007-01-18 Thread Zoltan Csibi 

What I mean is: if I can sniff what typed VO an application is receiving, I
can "craft" an AMF packet with:
- call to "deleteUser"
- the same VO "type" (simplified: as we know that this is just a string of
the class name followed by other strings describing property names and other
binary data with property values etc etc etc)

The gateway (fluorine, openamf, fds ... anything) will see a "valid"
object/type. There is no type-coercion error here.

This is an easy task to do with AMF knowledge. 


Bottom line: I don't think that passing simple types, untyped VOs or typed
VOs makes any difference from security point of view.


Mit freundlichem Gruß,
Zoli

 



From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On
Behalf Of Patrick Mineault
Sent: Thursday, January 18, 2007 6:29 PM
To: flexcoders@yahoogroups.com
Subject: Re: [flexcoders] AMFPHP & Security



Wouldn't Fluorine and OpenAMF throw a type-coercion error, given that 
the first argument is typed? Of course, the code in the constructor 
would be called anyways.

Patrick

RE: [flexcoders] AMFPHP & Security

2007-01-18 Thread Zoltan Csibi 
Hi,
 
I would like to underline that somebody with good AMF knowledge can craft
strongly typed objects and send them to the server-side. If the "deleteUser"
doesn't require authentication and authorization it can be hacked in any
language.
 
 
function deleteUser($userVO)
{
$userVO->delete();
}

Well, you might expect that $userVO is a "com.myPackage.UserVO", but it 
could also be a "com.myPackage.PhotoVO", or a "com.myPackage.AdminVO", 
or whatever. So you either have to make sure you do receive the VO type 
you expect, using instanceof or is_a, or you should only use "dumb" VOs 
which don't have any methods
 
 

Mit freundlichem Gruß,

Zoli

[flexcoders] Fluorine v12b

2006-05-01 Thread Zoltan Csibi 



Hello all,

Fluorine .net remoting gateway v12b (http://fluorine.thesilentgroup.com/) is
available. v12 comes with AMF3 handling.

Thanks,
Zoli







--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com








  
  
SPONSORED LINKS
  
  
  

Web site design development
  
  
Computer software development
  
  
Software design and development
  
  


Macromedia flex
  
  
Software development best practice
  

   
  







  
  
  YAHOO! GROUPS LINKS



   Visit your group "flexcoders" on the web. 
   To unsubscribe from this group, send an email to: [EMAIL PROTECTED] 
   Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.

[flexcoders] Re: DOT NET 2.0

2006-04-05 Thread Zoltan Csibi 

Fluorine dotnet remoting gateway supports both .net 1.1 and 2.0
The current version handles .net 2 nullable parameter types, the next update
will handle mapping to generic collections.

Support for AMF3 will be available in a week probably.

Zoli



--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/flexcoders/

<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/