Flash Remoting.com
Home Book Examples Blog Resources About

You are using an out-of-date browser so the pages will not display properly. Please update your browser.

Random thoughts on Flash Remoting:

This is where I get to ramble when I feel like it. Kind of like a blog, but it's not a blog. This is a blog. ;-).

3 posts in January 2003.

[ALL] 1/06 | 9/05 | 8/05 | 7/05 | 10/04 | 8/04 | 7/04 | 6/04 | 4/04 | 3/04 | 2/04 | 1/04 | 12/03 | 11/03 | 10/03 | 9/03 | 8/03 | 7/03 | 6/03 | 5/03 | 4/03 | 3/03 | 1/03 | 12/02 | 11/02

Macromedia support forums not working correctly

Friday, January 17, 2003 9:20:02 PM

Many people use the Macromedia support forums to get answers to questions about Macromedia products. The forums at one time were NNTP only, which allowed for quick access in a news reader, like Outlook Express or Netscape Messenger. Recently Macromedia merged the old Allaire forums (web-based) with the NNTP support forums. The idea is that people should be able to post from either the web-based forum or the newsgroup based forum and there would be mirroring between the two--in other words, you can post a question on the web, someone can answer the question from either location. The posts are supposed to be mirrored between the two places.

The problem lately has been that questions answered on the newsgroup have not been propagated to the web, so people using the web-based forums are thinking that their questions have not been answered.

I think the best solution to the problem is for Macromedia to fix the forums so that they work correctly. They certainly have the technology to do it.

For people who are unfamiliar with the newsgroups, here are some links to the Flash newsgroups:






The newsgroups are much, much easier to use than the web based forums. You can scan the posts instantly, and be in and out in a matter of seconds.

Add comment (0)
View comments

Security issue with Flash Remoting and web service

Wednesday, January 15, 2003 3:23:42 PM

There appears to be a security problem with Flash Remoting. Maybe someone has a workaround, but I've been unable to find one.

When you create a Flash Remoting app using a Web service, the Web service can be a URL that is anywhere, as in the following:

#include "NetServices.as"
var my_conn = NetServices.createGatewayConnection();
var myService = my_conn.getService("http://www.somewhereelse.com/someservice.aspx?wsdl", this);

The Flash Remoting code calling a Web service will work from anywhere. If you have the SWF file on your desktop, it will work. If you have it on another server somewhere, it will work. And. . .here's where the security problem is. . . .if someone else uses YOUR Flash Remoting gateway to call a Web service, it will work also. That means that I can use someone else's gateway in my Flash movie, and call a remote web service, and the processing will be done by the gateway--Web service stub files will be created and the service will be proxied through the gateway, in effect hijacking the gateway of another server.

In ASP.NET you can get around this problem by removing the write permission levels to the ASPNET user--the proxy stubs will not be created--but for J2EE and CF MX, I am not aware of any way around this problem.

The other known security issue that I'm aware of is that ServerSide ActionScript files (*.asr) are browseable by default (as plain text). You need to manually remove this functionality from your web server or your ActionScript code will be viewable by anyone who knows the URL to the file.

Add comment (4)
View comments

ColdFusion and JRun available for Mac OSX

Tuesday, January 07, 2003 11:37:37 AM

This is huge news for the ColdFusion and J2EE communities, but it is also big news for Flash Remoting. Now you can develop Flash Remoting apps on the Macintosh using JRun 4 or ColdFusion and test locally. This is super cool and makes me want to run out and buy a Mac. ;-)

Downloads for JRun 4 are at http://www.macromedia.com/software/jrun/trial/

Downloads for ColdFusion are at http://www.macromedia.com/software/trial_download/

Add comment (1)
View comments