Flash Security
blackshirt
Registered Users Posts: 4 Beginner grinner
I am using PHPSmug in conjunction with Flash to create my own custom portfolio for a client. PHPSmug is used to return XML Data that the Flash then parses. It works locally in the Dev environment flawlessly. When uploaded to the site my Flash application turns up all white images, I tested this by trying to loadClip other images from various servers, non-Smugmug, and the same occured. This is some sort of Security issue in place by Flash. But with other Flash Applications for Flickr as well as NASMU there must be some way around this.
will the sandboxed parameter help me in this matter. I've tried manually placing http://api.smugmug.com/photos/*.jpg into the XML and it still returned a White Image. I know that you have a Cross-Domain XML Policy file there and have seen it so this makes me think your sandboxed parameter might not be helpful. I would like to give it a shot if you're willing to help.
Any other suggestions would be good too. Thanks.
will the sandboxed parameter help me in this matter. I've tried manually placing http://api.smugmug.com/photos/*.jpg into the XML and it still returned a White Image. I know that you have a Cross-Domain XML Policy file there and have seen it so this makes me think your sandboxed parameter might not be helpful. I would like to give it a shot if you're willing to help.
Any other suggestions would be good too. Thanks.
0
Comments
The sandbox parameter definitely helps so that the API rewrites the URLs for you. During application startup you can point the Flash application explicitly to the crossdomain.xml files instead of depening on the automatic discovery:
And here the code for the function.
Hope that helped.
Jürgen
juergen@sentiam.com
http://fotoflot.com
Jürgen, Thanks a bunch for getting back to me.
I inserted this into my code and ensured it was pulling the images from api.smugmug.com, but it still pulls up white images for my routine. However, what is weird is that if I make a blank movieclip and just explicitly make a call to "loadClip(smugmugphoto, blank movieclip)" it will load without a problem.
Now what I need to work doesn't. My routine runs through arbitrary amount of XML code(created by a phpSmug script I wrote), parses the data and creates empty movie clips for each gallery found, and loads the first image in the gallery as the thumbnail. This however doesn't work and gives me white images, yet it works in my Flash CS3 environment without a hitch.
Weird.
Do you know exactly what goes wrong? Is it a sanbox violation, or does the SmugMug server refuse to serve the image? Are the images you want to access public, or are they part of a private user environments?
You may want to make sure that the browser that executes your Flash code provides an active session id with permission to access the images when it tries to retrieve the images. That is done by the SMESS cookie.
Who performs the login API call in your case, the PHP code on the server or the Flash code on the client?
Jürgen
juergen@sentiam.com
http://fotoflot.com
I have fixed the issue. Thank you both for your responses. I understood the security differences in the Dev environment as opposed to Network Environment.
I was missing one line of code that was causing the problems. The cross-domain policy was definitely a factor.
Code(snipped for briefness) before:
I added the following before loading the images:
And presto.
Thanks guys.