Thursday, September 27, 2007

loadVariables security by built-in obscurity

Ever wondered what's the real under-the-hood difference between the old loadVariables and the LoadVars class introduced in Flash Player 6?!
Me neither!
Today I was casually chatting with my dear old flash buddy over in Bucharest. When we don't talk cycling we talk flash stuff and if there's nothing really interesting we go back to cycling :)
But this one was a truly shiny gem.
He was claiming that flash has this built-in security-by-obscurity mechanism that actually helps secure the requests to his php scripts in a way that it's impossible to crack. I naturally started to express my doubts regarding the feature because we all know that real security is hard to achieve. Even more so when it comes to flash. But as he is more of an old style AS coder I decided to see what he's got because he usually carries lots of these gems in his flash wizard bag.
His take was that when using loadVariables he is able to send to php an obscure argument that is not immediately obvious in the flash source. Thus he makes sure that php calls are made only from his swf. So I fired up my Ethereal to see what gets sent from flash to php. The answer was a lot. Turns out that using loadVariables you actually send all the hand coded properties of _root to the server. I have no idea why but I can imagine some good overhead when you're using it and you also keep a lot of properties in _root.
Now maybe someone else found this and wrote about it. If so kudos to him. LoadVariables is so old that even Google mistakes it for its LoadVars offspring.
Here's the hands on test.
Better you LoadVars your data from now!
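
An added example, not from the original post: a Python check that takes the form-encoded POST body seen in a capture and separates the fields the php script expects from everything else loadVariables pulled off _root. The captured body, the field names and the expected-field list are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed capture of a POST body as loadVariables would form-encode it.
# Field names and values are made up for illustration.
CAPTURED_BODY = (
    "score=4200&player=ana&hiddenKey=s3cr3t-swf-only"
    "&dbPassword=hunter2&debugMode=true&lastLevel=7"
)

# Fields the php script is actually meant to receive (assumed).
EXPECTED_FIELDS = {"score", "player", "hiddenKey"}


def audit_post_body(body, expected):
    """Split a form-encoded body into intended and unintended fields."""
    fields = dict(parse_qsl(body, keep_blank_values=True))
    intended = {k: v for k, v in fields.items() if k in expected}
    leaked = {k: v for k, v in fields.items() if k not in expected}
    return {
        "intended": intended,
        # _root properties that went out without anyone asking for them
        "leaked": leaked,
        # expected fields that never arrived
        "missing": sorted(expected - fields.keys()),
        # bytes spent on every request for data the server never needed
        "overhead_bytes": len(urlencode(leaked)),
    }


if __name__ == "__main__":
    report = audit_post_body(CAPTURED_BODY, EXPECTED_FIELDS)
    # The "obscure" argument is plain text to anyone who can see the request.
    print("intended:", report["intended"])
    print("leaked from _root:", sorted(report["leaked"]))
    print("overhead per request:", report["overhead_bytes"], "bytes")
```

With LoadVars only the properties set on the LoadVars object are sent, so the leaked set stays empty; the obscure argument is still readable on the wire either way.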

Tuesday, September 11, 2007

asfunction dysfunction

Have you been feeling depressed lately?
Do you experience occasional asfunction dysfunction?
Would you like to get more from your asfunction?
Well here's my take on it.
What asfunction does is call the named method on the MovieClip that holds the TextField. So I use Delegate inside my View code like this:


    private var _htmlTF : TextField;
    // ...
    private function _init()
    {
        // ...
        _htmlTF = view['htmlText_tf'];
        // asfunction looks the method up on the MovieClip holding the TextField,
        // so expose the handler there, bound back to this View instance
        view['_onHrefClick'] = Delegate.create( this, this._onHrefClick );
        _htmlTF.htmlText = '<a href="asfunction:_onHrefClick">click me</a>';
        // ...
    }
    private function _onHrefClick()
    {
        trace( 'onHrefClick' );
    }


The code is taken from an app View driven by the PixLib ActionScript framework and the "view" property holds a reference to the view's MovieClip (where the TextField instance is located).
Note the associative array style of method definition I use to keep it working even if you have a Label Component instead of a TextField. In this case you should put the Delegate reference directly on the Label instance like:


    private var _htmlLBL : Label;
    // ...
    private function _init()
    {
        // ...
        _htmlLBL = view['htmlText_label'];
        // with a Label Component the handler goes directly on the Label instance
        _htmlLBL['_onHrefClick'] = Delegate.create( this, this._onHrefClick );
        _htmlLBL.text = '<a href="asfunction:_onHrefClick">click me</a>';
        // ...
    }


In case you need something stronger and more long lasting you can check EKameleon's AsfunctionProxy (in French).

Note: The information contained and provided in this article is solely for informational purposes but should be easily construed or interpreted to be the provision or practice of programming or professional software development advice or services.

Friday, September 07, 2007

major binarycrafts.com redesign!

Heh, not really. But I felt like my own little venture deserves a better look. One to match its great fame. I know you've never heard of it but there are some who have!
So without further ado, I give you the new binarycrafts identity!
It's not much but is home :)

Btw, Adobe just announced FMS3. Check out the feature list and be amazed!
Gosh, is 2008 really gonna be about paid, secured, not for poor e-hippies, DRM'd, online video!?
Bummer...

Monday, September 03, 2007

Critical Mass in Cluj-Napoca

22 September is the last day of the European Mobility Week so we're going for a ride around town.
If you can grab a bike you can join too. Just don't go stealing one cause that's wrong ;)
Actually any kind of transportation is OK as long as it's your own power that makes it go forward. If you need to know more about the way it will happen read more about Critical Mass. We plan on doing it every month under the same rules.
Current meeting spot is here ( the Skate Park near Baritiu Str. ). This may change so I'll post a comment if it does. The time is 17:00.
Geza came up with the initiative and Andrei Crivăţ will manage the entire event.
Go ahead and read the original post, the second one and the comments on Placerea nu se refuza (in Romanian).
Keep on pedaling :)

in the Spirit of KJAZ

Now that the Spirit is once again dead, I've been on the hunt for a reasonable alternative. Nothing will replace it but I'm willing to lower my expectations a bit. So far I've settled on KCSM's Jazz 91 after a short bond with CSU's KJAZZ. But it really feels like the fans are right and KCSM is the best candidate to carry on the flag.
It's fair to say that KJAZZ is a good starting point. It will make you happy when you feel the blues so it's well worth a place in your playlist as well.
Tune in and enjoy...

[edited at 03.10.2007]
I just googled once more for the Spirit and this is the link to the new broadcast: The Spirit of KJAZ - San Francisco -- In memory of Jerry Dean 9/07. Same voice, sad listener :(

Eclipse again

This is just a good Monday read. Short and probably not really targeted at this blog's readers. How many flashers do you know who use Microsoft Visual Studio, really...
But what the heck, it's about our beloved Eclipse and it's a good read even if you've never opened MSVS.
So Mr. Genady Beryozkin of genady.org wrote a nice short article on IBM developerWorks where he introduces the Eclipse environment to Visual Studio users. You can read it even if you don't know VS because it has the basics laid down very nicely. If you must you can install VS and enjoy a little of the Microsoft experience.
But you really shouldn't. Really!
Read the article here. Nice screen shots and all.
God it feels like Monday...
