Using Secured SWFs as BEML Widgets

Written by Bob de Wit. Posted in .NET, ActionScript, Brightcove, Developer Blog, Flash, Flex, PEAR, PHP

This article describes how you can use SWF files as widgets in BEML that have been protected by utilities that prevent decompilation. Before we start, just a couple of things I’d like to point out:
  • This article is NOT a review of the effectiveness of SWF Protection tools, there are plenty of (endless) discussions on that topic on specialized forums.
  • This approach is NOT my recommended one for creating User Generated Content upload widgets. I still believe using a secured mid-tier upload server is a better model. Event with a protected SWF, a proxy tool like Charles or WireShark will give a hacker all the information he needs to get your token if you do not protect your sensitive Widget/Server communications.

MySpace/GetURL Solution: Not Perfect, But Stylish

Written by Bob de Wit. Posted in Developer Blog, Flash, Flex, PHP

Like most Flash developers, I was grinding my teeth when MySpace unilaterally decided to disable getURL() calls from Flash movies on their network. I was -and still am- convinced that the least MySpace could have done was to set up a program for Flash widget designers with good intentions in stead of hurling everyone back to the stone age (read: HTML links). Today I finished a new artist site for MySpace and I decided to dig a little deeper into the problem. But first, maybe for those not familiar with the origin of the problem, a little overview.

PEAR PHP XML Serializer and Flex

Written by Bob de Wit. Posted in ActionScript, Developer Blog, Flex, PEAR, PHP

PEAR is a framework and distribution system for reusable PHP components. The code in PEAR is partitioned in “packages”. Each package is a separate project with its own development team, version number, release cycle, documentation and a defined relation to other packages (including dependencies). Packages are distributed as gzipped tar files with a description file inside, and installed on your local system using the PEAR installer.PEAR contains PHP classes that are perfect for serializing data to be passed to a Flex application. Unfortunately, there is currently no package that would allow automatic installation for a Flex/PHP developer that wants to use the PEAR XML Serializer functionality.

In this article, I am going to describe how to do a local tweak and installation of the PEAR XML classes on a server that does not have PEAR pre-installed. Even if your server has PEAR installed, this approach will work.

MySpace/GetURL Solution: Not Perfect, But Stylish

Written by Bob de Wit. Posted in Developer Blog, Flash, PHP

Like most Flash developers, I was grinding my teeth when MySpace unilaterally decided to disable getURL() calls from Flash movies on their network. I was -and still am- convinced that the least MySpace could have done was to set up a program for Flash widget designers with good intentions in stead of hurling everyone back to the stone age (read: HTML links). Today I finished a new artist site for MySpace and I decided to dig a little deeper into the problem. But first, maybe for those not familiar with the origin of the problem, a little overview.

Flex / PHP Security Basics – Part One

Written by Bob de Wit. Posted in Developer Blog, Flex, PHP

I’ve been creating Flash / PHP web sites and applications for years, but I am relatively new to Flex. After browsing the Adobe PHP samples for Flex earlier this week, I couldn’t help but notice that some of this code could prove extremely hazardous if used in a public Flex site. This is no criticism, but since these examples will be read by virtually anyone who want to use the PHP / Flex tandem, it’s probably not a bad idea to go over the security basics. I just love PHP. It’s a great language for rapid development of dynamic site and application backends. Combined with the RIA power of Flex 2, there’s no end to what you can do. But – as for every web programming language, security considerations for designing even the simplest web sites with Flex and PHP are crucial and often overlooked.