RE: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default Application
Hi Jim, Yes there are 3 dlls included (simply added to the air project). The communication is via localconnection, the app checks if it can connect and if the dlls are there the app will get access automagically to the api provided (the api is specially written native COM libraries). I am going to post part2 with more details later. Zoli -Original Message- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Jim Hayes Sent: Friday, April 18, 2008 5:48 AM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default Application Zoli, I am impressed! So I guess you included those 2 dlls in the air file, and found some way to call them? How? Are you going to let us know? -Original Message- From: flexcoders@yahoogroups.com on behalf of Zoltan Csibi Sent: Fri 18/04/2008 03:13 To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default Application A little AIR pollution here: http://blog.fluorinefx.com/ (windows only, not tested on all versions) Zoli www.fluorinefx.com _ From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Battershall, Jeff Sent: Wednesday, April 16, 2008 9:21 PM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default Application Understandably Adobe is feeling rather conservative about this sort of thing. The last thing we as developers would want is an abuse of the AIR runtime which sullies its reputation. So we're getting a certain sandbox to play in. However, opening a document file such as a word doc, pdf or excel spreadsheet is a normal every day activity. The OS and the user already have responsibility to ensure that they are not accessing malicious content. IMO, letting AIR have a somewhat larger sandbox by passing to the OS a request to open files would be a huge step forward and make the user experience significantly better. For example, the AIR application I just built downloads data entitlements to a user's machine. Once downloaded, the user needs to navigate to that directory using the OS to open the files. It would be nice to not requre all that additional work on the part of the user. Jeff -Original Message- From: [EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com [mailto:[EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com] On Behalf Of aphexyuri Sent: Wednesday, April 16, 2008 12:50 PM To: [EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com Subject: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default Application Jeff, We've been looking into it as well. Maybe the following links could give you some more help: http://www.mikecham http://www.mikechambers.com/blog/2008/01/17/commandproxy-net-air-integra bers.com/blog/2008/01/17/commandproxy-net-air-integra tion-proof-of-concept/ and http://www.mikecham http://www.mikechambers.com/blog/2008/01/22/commandproxy-its-cool-but-is bers.com/blog/2008/01/22/commandproxy-its-cool-but-is -it-a-good-idea/ It's a long shot a workaround...something adobe really needs to address soon! --- In [EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com, Battershall, Jeff [EMAIL PROTECTED] wrote: Steve, In the scenario I'm envisioning, I am not thinking that AIR would be starting the program itself but the OS would, as it would in response to a double click on a file name in Windows Explorer. But if it can't be done, it can't be done. Jeff -Original Message- From: [EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com [mailto:[EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com] On Behalf Of Cutter (Flex Related) Sent: Wednesday, April 16, 2008 10:32 AM To: [EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com Subject: Re: [flexcoders] AIR: Forcing a file to be opened By OS Default Application According to a talk that Ben Forta gave here in Nashville, not long before product launch, the AIR sandbox strictly prohibits access to other programs on a system. Steve Cutter Blades Adobe Certified Professional Advanced Macromedia ColdFusion MX 7 Developer _ http://blog. http://blog.cutterscrossing.com cutterscrossing.com -- Flexcoders Mailing List FAQ: http://groups. http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail- http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo archive.com/flexcoders%40yahoogroups.comYahoo! Groups Links -- Flexcoders Mailing List FAQ: http://groups. http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail- http://www.mail-archive.com/flexcoders
RE: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default Application
A little AIR pollution here: http://blog.fluorinefx.com/ (windows only, not tested on all versions) Zoli www.fluorinefx.com _ From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Battershall, Jeff Sent: Wednesday, April 16, 2008 9:21 PM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default Application Understandably Adobe is feeling rather conservative about this sort of thing. The last thing we as developers would want is an abuse of the AIR runtime which sullies its reputation. So we're getting a certain sandbox to play in. However, opening a document file such as a word doc, pdf or excel spreadsheet is a normal every day activity. The OS and the user already have responsibility to ensure that they are not accessing malicious content. IMO, letting AIR have a somewhat larger sandbox by passing to the OS a request to open files would be a huge step forward and make the user experience significantly better. For example, the AIR application I just built downloads data entitlements to a user's machine. Once downloaded, the user needs to navigate to that directory using the OS to open the files. It would be nice to not requre all that additional work on the part of the user. Jeff -Original Message- From: [EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com [mailto:[EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com] On Behalf Of aphexyuri Sent: Wednesday, April 16, 2008 12:50 PM To: [EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com Subject: [flexcoders] Re: AIR: Forcing a file to be opened By OS Default Application Jeff, We've been looking into it as well. Maybe the following links could give you some more help: http://www.mikecham http://www.mikechambers.com/blog/2008/01/17/commandproxy-net-air-integra bers.com/blog/2008/01/17/commandproxy-net-air-integra tion-proof-of-concept/ and http://www.mikecham http://www.mikechambers.com/blog/2008/01/22/commandproxy-its-cool-but-is bers.com/blog/2008/01/22/commandproxy-its-cool-but-is -it-a-good-idea/ It's a long shot a workaround...something adobe really needs to address soon! --- In [EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com, Battershall, Jeff [EMAIL PROTECTED] wrote: Steve, In the scenario I'm envisioning, I am not thinking that AIR would be starting the program itself but the OS would, as it would in response to a double click on a file name in Windows Explorer. But if it can't be done, it can't be done. Jeff -Original Message- From: [EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com [mailto:[EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com] On Behalf Of Cutter (Flex Related) Sent: Wednesday, April 16, 2008 10:32 AM To: [EMAIL PROTECTED] mailto:flexcoders%40yahoogroups.com ups.com Subject: Re: [flexcoders] AIR: Forcing a file to be opened By OS Default Application According to a talk that Ben Forta gave here in Nashville, not long before product launch, the AIR sandbox strictly prohibits access to other programs on a system. Steve Cutter Blades Adobe Certified Professional Advanced Macromedia ColdFusion MX 7 Developer _ http://blog. http://blog.cutterscrossing.com cutterscrossing.com -- Flexcoders Mailing List FAQ: http://groups. http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail- http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo archive.com/flexcoders%40yahoogroups.comYahoo! Groups Links -- Flexcoders Mailing List FAQ: http://groups. http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail- http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo archive.com/flexcoders%40yahoogroups.comYahoo! Groups Links
RE: [flexcoders] AMFPHP Security
Hi,
I would like to underline that somebody with good AMF knowledge can craft
strongly typed objects and send them to the server-side. If the deleteUser
doesn't require authentication and authorization it can be hacked in any
language.
function deleteUser($userVO)
{
$userVO-delete();
}
Well, you might expect that $userVO is a com.myPackage.UserVO, but it
could also be a com.myPackage.PhotoVO, or a com.myPackage.AdminVO,
or whatever. So you either have to make sure you do receive the VO type
you expect, using instanceof or is_a, or you should only use dumb VOs
which don't have any methods
Mit freundlichem Gruß,
Zoli
RE: [flexcoders] AMFPHP Security
What I mean is: if I can sniff what typed VO an application is receiving, I can craft an AMF packet with: - call to deleteUser - the same VO type (simplified: as we know that this is just a string of the class name followed by other strings describing property names and other binary data with property values etc etc etc) The gateway (fluorine, openamf, fds ... anything) will see a valid object/type. There is no type-coercion error here. This is an easy task to do with AMF knowledge. Bottom line: I don't think that passing simple types, untyped VOs or typed VOs makes any difference from security point of view. Mit freundlichem Gruß, Zoli From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Mineault Sent: Thursday, January 18, 2007 6:29 PM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] AMFPHP Security Wouldn't Fluorine and OpenAMF throw a type-coercion error, given that the first argument is typed? Of course, the code in the constructor would be called anyways. Patrick
RE: [flexcoders] AS3 code obfuscators
what? :)) Mit freundlichem Gruß, Zoli _ From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Igor Costa Sent: Friday, January 19, 2007 1:26 AM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] AS3 code obfuscators Daniel The goal to create Bests RIA isn't in obfuscated the Code in Client side but do much more in server-side, I belive it's the best obfuscators that exists. Best. On 1/18/07, Daniel Wabyick [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] com wrote: Does anyone know of any AS3 code obfuscators out there? Thanks, -D -- Igor Costa www.igorcosta. http://www.igorcosta.org org www.igorcosta. http://www.igorcosta.com com skype: igorpcosta
[flexcoders] Fluorine v12b
Hello all, Fluorine .net remoting gateway v12b (http://fluorine.thesilentgroup.com/) is available. v12 comes with AMF3 handling. Thanks, Zoli -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com SPONSORED LINKS Web site design development Computer software development Software design and development Macromedia flex Software development best practice YAHOO! GROUPS LINKS Visit your group "flexcoders" on the web. To unsubscribe from this group, send an email to:[EMAIL PROTECTED] Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
[flexcoders] Re: DOT NET 2.0
Fluorine dotnet remoting gateway supports both .net 1.1 and 2.0 The current version handles .net 2 nullable parameter types, the next update will handle mapping to generic collections. Support for AMF3 will be available in a week probably. Zoli -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
