Passing flash variables to CF - Coldfusion Flash Integration

  1. #1

    Passing flash variables to CF

    All the ways I've found so far of passing variables back to CF from flash seem
    to involve either getURL with POST/GET or the loadvars method. This seems to
    inevitably require a page refresh which I would like to avoid if possible.

    The other issue is that the variables are presented to CF as form variables
    which leaves the CF page vulnerable to cross site attack. Ideally I want the
    swf embedded on my page to be the only way of passing data through to my CF
    handling page.

    Is this possible?

    Paul Galloway Guest

  2. #2

    Re: Passing flash variables to CF

    Paul Galloway wrote:
    >
    > Is this possible?
    >
    NO!, unless you want your SWF to *only* be accessed by a user sitting in
    front of the server. Saying 'form variables which leaves the CF page
    vulnerable to cross site attack' is the same as saying, 'making a web
    site leaves me open to web site attacks.' Basically a true statement,
    but following best practices of coding web applications can mitigate.

    Having said all that, I think you may want to be looking at Flex and
    ColdFusion. Flex uses the Flash client to work with server back ends.
    This allows one to use AMF channels to pass data between the server and
    the client. While this will not prevent cross site attacks, one still
    needs to be intelligent in how one builds one's server side code. It does
    give one more direct client and server communications without client
    refreshes and the server can push data to the client.
    Ian Skinner Guest

  3. #3

    Re: Passing flash variables to CF

    Well the issue I'm trying to mitigate is that the user downloads my swf,
    decompiles it, looks at my actionscript which shows

    on (press) {
        dataOut = new LoadVars();
        dataOut.credits = credits;
        // Use the send() method to send the data
        dataOut.send("http://mysite.com/cashout.cfm", "_self", "POST");
    }

    and simply creates a form to submit form.credits field to my form handling
    page. If they are a registered user correctly logged in using session variables
    this goes through just fine. Is there a way of knowing that the variables are
    being passed from an instance of the swf on my domain?

    Sauleve Guest

  4. #4

    Re: Passing flash variables to CF

    Sauleve wrote:
    > and simply creates a form to submit form.credits field to my form handling
    > page. If they are a registered user correctly logged in using session variables
    > this goes through just fine. Is there a way of knowing that the variables are
    > being passed from an instance of the swf on my domain?
    Not really, a post is a post. You could check the cgi scope for the
    referer IP address. This can be spoofed but at least it cuts out the
    lazy folks.

    You can use the session to count the number of posts of the form and
    only allow a legitimate number per session.

    You can set a session scope variable when the swf is delivered and only
    allow one submit per unique session value.

    But thanks to the stateless nature of the HTTP protocol client-server,
    request-response world of internet applications, you can never *really*,
    _absolutely_ know that this request has anything to do with any other
    previous request. There are some extras bolted onto the protocol to
    make it more likely that this request is related, but they are all
    spoofable.


    Ian Skinner Guest
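
The "set a session scope variable when the swf is delivered and only allow one submit per unique session value" suggestion from reply #4, sketched in CFML as an added example that is not code from the thread or its posters. The file name `embed.cfm`, the `session.cashoutToken` key, the `token` FlashVars/form field and the `accepted` flag are assumptions made for illustration.

```cfml
<!--- embed.cfm (hypothetical name): runs each time the page carrying the SWF is served --->
<cflock scope="session" type="exclusive" timeout="5">
    <!--- fresh random value per delivery; overwrites any unused earlier token --->
    <cfset session.cashoutToken = generateSecretKey("AES")>
</cflock>
<cfoutput>
<!--- the movie receives it as a variable named "token" and must post it back,
      e.g. dataOut.token = token; next to dataOut.credits in the handler above --->
<param name="FlashVars" value="token=#urlEncodedFormat(session.cashoutToken)#">
</cfoutput>

<!--- cashout.cfm: accept exactly one POST per issued token --->
<cfparam name="form.token" default="">
<cfset accepted = false>
<cflock scope="session" type="exclusive" timeout="5">
    <!--- compare and consume under one lock so two parallel posts cannot both pass --->
    <cfif structKeyExists(session, "cashoutToken")
          and len(form.token)
          and compare(form.token, session.cashoutToken) eq 0>
        <cfset structDelete(session, "cashoutToken")>
        <cfset accepted = true>
    </cfif>
</cflock>
<cfif not accepted>
    <!--- missing, wrong or already-used token: refuse and stop processing --->
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>
<!--- ...existing cash-out handling continues here... --->
```

A logged-in user can still read the token out of the served page and submit it by hand once, so this narrows replayed and cross-site posts rather than proving the request came from the SWF. The token says nothing about whether `form.credits` is honest; that value still has to be checked against what the server itself knows about the account.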
