Adobe Flash Player's Security-Sandbox is very restrictive

Adobe Flash Player Security-Sandbox is very good and we have not heard any major security vulnerabilities so far. However, I think, it can be made more intelligent, I have some use-cases where I can't do anything.

XMLSocket API is cool, since it's inception, developers could create cool applications (multi-player games, chat-apps, presence-apps etc). XMLSocket servers (unity, swocket etc) is needed to comply with a specification in order to work with Flash Player (as a client). Since developers are using/creating custom-servers, they could control various things on server-side, f.ex: configuring right security-permissions, serving right policy-file (crossdomain.xml) etc.

With Binary Socket API, in Adobe Flash runtimes, things have changed a lot. Applications (for Adobe Flash runtimes) can now connect to servers using standard protocols (POP3, SMTP, Databases, HTTP etc). Totally cool feature which allows creation of kick-ass applications (Yahoo! Web Messenger, mySql driver etc). But Adobe Flash Player's security-sandbox is limiting Binary Socket's capabilities.

I have been working on a library (as3httpclient) to do more things (http-status-messages, http-authentication over GET request, support for more http-methods etc) which are not supported by URLLoader API. This library (as3httpclient) doesn't work in deployed web-application because Adobe Flash Player's Security-Sandbox restricts it to.

I have following questions/concerns:-

  • When URLLoader (or other such native APIs) can connect on any port, why can't custom APIs (as3httpclient and others) connect?
  • Why can't Flash Player be little more intelligent to check, if connection is made to a HTTP server? Rules could be:- If connection is requested to same domain and destination-port is assigned to HTTP server, let communication happen. If destination server:port is in different domain, check for valid crossdomain.xml and allow the connection?
  • Why doesn't Flash Player consider to-ports attributes, if policy-file is served over HTTP?

With standards, we expect flexibility. We can't expect a HTTP server to push policy-file to Flash clients? That's not standard.

Technorati tags: , , , ,

Yahoo! Go 1.X is discontinued

I got an email yesterday, Yahoo! Go 1.x would be discontinued tonight i.e. August 27, 2007 midnight. I am suggested to upgrade to Yahoo! Go 2.0, which unfortunately doesn't work on any of Nokia S60 second-edition phones. I am suggested to use mobile-browser to access services provided by Yahoo! Go 1.x. Well I think, that's not going to help because:-

  • I loved the way Yahoo! Go seamlessly integrates with phone and delivers mails/messages to Phone's inbox.
  • I loved Yahoo! Messenger in Yahoo! Go 1.x
  • I loved the Yahoo! Calendar integration with Phone's calendar.
  • </ul>

    I think, I liked the seamless integration.

    My brother told me that Yahoo! Go 2.0 on Nokia N95 (or S60 third-edition) doesn't come with Yahoo! messenger, that's not good? Why it's missing from new version (Yahoo! Go 2.0)? Is it because of some business-deal (BlackBerry etc)?

    I think, taking away an important feature in new version of software/hardware or lack of backward compatibility would upset users. Backward compatibility is important.

    I am upset because Yahoo! Go 1.x would stop working on my phone, I don't know why? It's alright to release new version but that shouldn't force existing users to upgrade or not being able to use existing (installed) software.

    Technorati tags: , , ,

Adobe Flash runtimes support H.264 and AAC

Adobe has announced support for H.264 (codec) and AAC (audio) in latest update of Adobe Flash Player 9 Beta and Adobe AIR. I just read Tinic's post, which is full of information. Some related links:-

Happy Independence Day

</img>

I wish a Happy Independence Day to all my fellow Indians. It is indeed a day that reminds us of all freedom fighters who struggled for this day, thanks to all of them for showing us free India. I am proud to be an Indian.

We have done a lot in last sixty-years but we could have done more. It's never late, I am sure India would be a developed nation by 2020, a vision given by our ex-President Mr. APJ Abdul Kalam.

Jai Hind

Credit: Flag graphic provided by http://www.3dflags.com

Technorati tags:

DataGridDataExporter: Export DataGrid data as CSV

A friend of mine, who is new to Adobe Flex, asked how can Datagrid-data be exported as CSV. I wrote a simple class, with one static-method, to do that. This is very basic implementation of CSV format.

Check out the example or download the code (with example).

DataGridDataExporter.as:

/**
_________________________________________________________________________________________________________________
DataGridDataExporter is a util-class to export DataGrid's data into different format.
@class DataGridDataExporter (public)
@author Abdul Qabiz (mail at abdulqabiz dot com)
@version 0.01 (2/8/2007)
@availability 9.0+
@usageDataGridDataExporter. (dataGridReference)</code>
@example

var csvData:String = DataGridDataExporter.exportCSV (dg);

__________________________________________________________________________________________________________________
*/</i></font>
package com.abdulqabiz.utils
{
import mx.controls.DataGrid;
import mx.controls.dataGridClasses.DataGridColumn;
import mx.collections.ArrayCollection;
import mx.collections.XMLListCollection;
import mx.collections.IList;
import mx.collections.IViewCursor;
import mx.collections.CursorBookmark;
public class DataGridDataExporter
{
public static function exportCSV(dg:DataGrid, csvSeparator:String="\t", lineSeparator:String="\n"):String
{
var data:String = "";
var columns:Array = dg.columns;
var columnCount:int = columns.length;
var column:DataGridColumn;
var header:String = "";
var headerGenerated:Boolean = false;
var dataProvider:Object = dg.dataProvider;
var rowCount:int = dataProvider.length;
var dp:Object = null;
var cursor:IViewCursor = dataProvider.createCursor ();
var j:int = 0;
//loop through rows
			while (!cursor.afterLast)
{
var obj:Object = null;
obj = cursor.current;
//loop through all columns for the row
				for(var k:int = 0; k < columnCount; k++)
{
column = columns[k];
//Exclude column data which is invisible (hidden)
					if(!column.visible)
{
continue;
}
data += "\""+ column.itemToLabel(obj)+ "\"";
if(k < (columnCount -1))
{
data += csvSeparator;
}
//generate header of CSV, only if it's not genereted yet
					if (!headerGenerated)
{
header += "\"" + column.headerText + "\"";
if (k < columnCount - 1)
{
header += csvSeparator;
}
}
}
headerGenerated = true;
if (j < (rowCount - 1))
{
data += lineSeparator;
}
j++;
cursor.moveNext ();
}
//set references to null:
			dataProvider = null;
columns = null;
column = null;
return (header + "\r\n" + data);
}
}
}</pre></p>

DataGridCSVExportExample.mxml:-

<?xml version="1.0"?>

<mx:Application xmlns:mx="http://www.adobe.com/2006/mxml">
<mx:Script>
<![CDATA[
import com.abdulqabiz.utils.DataGridDataExporter;
private function exportCSV ():void
{
console.text = DataGridDataExporter.exportCSV (dg);
}
]]>
</mx:Script>
<mx:XMLList id="employees">
<employee>
<name>Christina Coenraets</name>
<phone>555-219-2270</phone>
<email>[email protected]</email>
<active>true</active>
</employee>
<employee>
<name>Joanne Wall</name>
<phone>555-219-2012</phone>
<email>[email protected]</email>
<active>true</active>
</employee>
<employee>
<name>Maurice Smith</name>
<phone>555-219-2012</phone>
<email>[email protected]</email>
<active>false</active>
</employee>
<employee>
<name>Mary Jones</name>
<phone>555-219-2000</phone>
<email>[email protected]</email>
<active>true</active>
</employee>
</mx:XMLList>
<mx:Panel title="DataGrid Control Example" height="100%" width="100%"
paddingTop="10" paddingLeft="10" paddingRight="10">
<mx:Label width="100%" color="blue"
text="Select a row in the DataGrid control."/>
<mx:DataGrid id="dg" width="100%" height="100%" rowCount="5" dataProvider="{employees}">
<mx:columns>
<mx:DataGridColumn dataField="name" headerText="Name"/>
<mx:DataGridColumn dataField="phone" headerText="Phone"/>
<mx:DataGridColumn dataField="email" headerText="Email"/>
</mx:columns>
</mx:DataGrid>
<mx:Button label="Export CSV" click="exportCSV ()"/>
<mx:TextArea id="console" width="100%" height="100%" />
</mx:Panel>
</mx:Application>

Technorati tags: , , , ,

Pownce Invites!

I have around six Pownce invites. If you are interested, please let me know through comment form. I would send invite to the first six now, keep sending later. Please put right email address in email-field of comment form below.

[Update: Pownce invites are over. I would announce, once I have more.]

Technorati tags: ,

Taj Mahal is Number-One among Seven Wonders

Taj Mahal has been selected among the seven-wonders of the world. It's number-one among seven.
Cool! Check out more at: http://new7wonders.com/.

Mashup: Google Map + on AIR Bus Tour images

Google maps accepts flickr feed with georss extension (geocodes). I just pulled on-AIR-Bus-Tour pool feed and threw in Google Maps, now it would show on-AIR-Bus-Tour images on the map.
If you are Google maps fan, you can bookmark following link:

http://tinyurl.com/yrgpy4

Technorati tags: , , ,

Mixercast: on AIR Bus Tour

I just created a mixercast to show all latest pictures, videos and twitter updates of on AIR Bus Tour. Check it, out by clicking following image.


onairbustour.jpg

Technorati tags: , , , ,

as3httpclient project update

Sometimes back, I posted about as3httpclient project which is an open-source http-protocol-library written in ActionScript 3, not yet completely done. Library has been updated recently by Erik, who has recently joined the project. It's great to have him in the team.

Things that have changed:-

  • package name has been changed to code.google.as3httpclient.* from com.abdulqabiz.net.*;
  • HTTPURLLoader class has been renamed to SocketURLLoader
  • Some more classes added.
  • ASDocs has been added.
  • </ul>

    Now as3httpclient can be used for:-

    • HTTP Basic Authentication without browser's dialogue box
    • Adding custom or standard HTTP headers
    • Uploading files to server that requires http-authentication [new]
    • Copying bytes (of images/files downloaded using this library).
    • </ul>

      Two important features planned for future release:-

      • Support for more HTTP verbs (PUT, DELETE, OPTIONS, HEAD etc) - would be there soon.
      • Support for SSL or Secure HTTP - This feature might take sometime because it needs some investigation.
      • </ul>

        Please check out the project. I would love to hear your feedback/bug-reports/suggestions.

        Please get back in touch with me [mail at abdulqabiz dot com], if you want to contribute to the project.

        Technorati tags: , ,