Accessing system resources through a web page - language-agnostic

Is it possible to access system resources via a web page?
Specifically I would be interested in accessing system calls in order to put the computer into standby or sleep.
At this point, I am language-independent. I would imagine that some sort of special access would need to be granted before anything of this nature occurs. My searches haven't really returned much help, so any suggestions would be great.

Yes, it is possible. See for example the online antiviruses.
I haven't done such thing but java applets can achieve that, also some kind of ActiveX controls. Of course user permission is required.

Related

Detect Internet Connectivity

I am trying to figure out a way to do an internet connectivity check for an AIR for iOS app. Previously, I was using (against my better judgement) a URLMonitor that checked Google once every 30 seconds. I did not like putting that load onto Google and neither did they; this morning, our network got flagged as a possible DDoS attacker simply from testing the app. So I had to disable this type of check and move on.
I have thought about using the NetworkInfo ANE from Adobe, but that presents its own issues in determining internet connectivity. The only way I can think of doing it is to check for interfaces "en0" and "pdpxx" (which correspond to WiFi and Cellular interfaces, respectively) and check their IPs to ensure they are not in the 192.168.x.x, 10.10.x.x, or 127.0.x.x ranges. However, I am not entirely sure those are the only static router/localhost IPs out there and there is always the possibility that the network interface names will change in the future, which would render this monitor useless. There is also the issue of IPv6 possibly throwing a wrench into this method as well.
Is there another way to check if the user is connected to the internet? I've searched multiple times and it seems that these are the only two ways to check. If that is the case, what is the best way to check?
I'm surprised that you got flagged as a DDoS attacker, are you sure that's what happened?
In any case, if your not happy with putting the load onto someone else's server, then make your own server, just a basic setup that you use with the URLMonitor. You don't have to use google's url with the URLMonitor, you can pass it another URLRequest, which could point to your own server.
monitor = new URLMonitor(new URLRequest("http://www.you-own-server.com"));
This might also be useful if you decide that you want to pass more data between the app and the server. It's your server, so can do what you want with it.
I don't think there's any other way to check if the user is connected to the internet. To be honest, I don't see why there would be. Checking for the users interfaces/wan0 etc... probably would be possible, but you'd need another program, maybe a simple python or c++ program, that Air could use to check these things, but that sounds like the long way round.

How can I use Flash to remember user data?

I am making a Flash game that stores user's statistics from previous sessions. I would also like to maintain some sort of leader board as well.
After I posted, I realized I was asking the wrong question. I feel that shared objects are the proper solution to this problem rather than using a database. Any further feedback for implementing shared objects is welcome.
Thanks for any feedback.
You can not directly query MySQL database table from Flash game, you must have some server-side technology backing you up for the job.
I would suggest using some PHP or Ruby - or whatever is easily available to you for the job.
Flash is going to be rendered on Client browser (as swf) and won't be in touch with server as it will be served as a static resource by the web browser.
I hope this reply will help you moving towards right direction.
As Dharmavir mentioned, you cannot process MySQL queries through Flash (AS*).
That said, its pretty easy to setup Flash to communicate with remote scripts, as it has the ability to POST/GET data through requests.
There are many tutorials on this.
First, write a simple script to input the data into the DB. I recommend using PHP (I think its the easiest to learn tbh).
If this is your first time performing queries with PHP, I also recommend using Prepared Statements instead of mysql_*.
Once you have your script setup, you can then move onto processing a request from your flash app to your script (which is also pretty easy).
I found a tutorial series on making a chat app with flash and PHP. The tutorial includes making requests to PHP scripts and inputting data to SQL DBs, so it should help you:
http://www.youtube.com/watch?v=XeWKauwFUEQ < This tutorial is split into many different videos. take a look at the suggestions to find the others.

Access Control and Cache Manifest for Offline Use

I would like to gather some feedback on how best to handle access control within a web application that has a requirement for offline use.
The app must have access control via username/password but must be available for offline use. That means that the first time the user logs in, the user must have an internet connection. Once logged in the app will set an acl cookie followed by caching all assets through cache manifest.
Is this a solid approach and what other methods have you used to solve this issue?
Thank you in advance for all your feedback.
Answering quite late but even if you no longer need it someone else will...
Once offline, you need to store all access info on the device. It will be accessible by third parties so there will be a matter of time before someone will have access to all your app content. I explain to clients that once you publish something for offline use, it's there for anyone to see. You can implement some basic login but unless you use an online service, it's not going to be any secure...
Giving that, use local storage to keep track of initial login. Then, refresh it every so often when device goes online.

Browser, upload large file

I'm looking for a way to allow a user to upload a large file (~1gb) to my unix server using a web page and browser.
There are a lot of examples that illustrate how to do this with a traditional post request, however this doesn't seem like a good idea when the file is this large.
I'm looking for recommendations on the best approach.
Bonus points if the method includes a way of providing progress information to the user.
For now security is not a major concern, as most users who will be using the service can be trusted. We can also assume that the connection between client and host will not be interrupted (or if it is they have to start over).
We can also assume the user is running a browser of supporting most modern features (JavaScript, Flash, etc)
edit
No language requirements. Just looking for the best solution.
There are several ways to handle this,
1. Flash Uploader
Theres plenty of flash uploaders to improve the users GUI so that they can examine the process and the process factors such as time left, KB Done etc.
This is very good if you understand how to improve Flash source code for later developments.
2. Ajax
Theres a few ways using Ajax and PHP (although PHP Does not support it) you can use Perl module to accomplish the same thing http://pecl.php.net/package/uploadprogress, This is only if you wish to show percentage information etc.
3 Basic Javascript.
This method would be just the regular form, but with some ajax styling so when the form is submitted you can show a basic loader saying please wait while you send us the file...
If your using asp, you can take a look at: http://neatupload.codeplex.com/
Hope theres some good information to get you on your way.
Regards
Not sure about your language requirements, but you can look e.g. into
http://pypi.python.org/pypi/gp.fileupload/
Supports progress information also, btw.
I have used the dojo FileUploader widget to reliably upload audio files greater than a gigabyte with a progress bar. Though you said security was not an issue, I'd like to say that I got HTTPS uploads w/cookie based authentication hooked up flawlessly.
See: http://www.sitepen.com/blog/2008/09/02/the-dojo-toolkit-multi-file-uploader/ and
http://api.dojotoolkit.org/jsdoc/1.3/dojox.form.FileUploader

How to prevent ActionScript code decompilaton

Is there a reliable way of preventing my actionscript code (as2 or as3) from being copied (e.g. if there's some IP in it)?
I know there are tools that can decompile flash code so it's easily reverse-engineered and I've also seen a few tools that claim to be able to obfuscate actionscript code in such a way that it's not steal-able, but I wonder how reliable they are...
Do you know? Thanks!
It is by definition imposible to prevent it.
The reason is simple, the code needs to run on the client, so the client needs to be able to read it.
The best you can do is to make so hard (time demanding) to do that it's not profitble.
Flash has a built in feature to protect againt decompiling with a password. I'm not sure exactly how it works, I guess some form of encryption.
You can try and spil sensetive data up and join it at runtime, og encrypt it and get the descryption key from the server.
But in the end there's nothing you can really do. Unless you wan't the users to input the encryption key (password or a file).
There is no build in encryption in Flash but there is a couple of free librarys like crypto lib http://code.google.com/p/as3crypto/.
I've found no reliable and sustainable way to obfuscate the code. If there's a way to obfuscate the code, I'd bet that:
it would affect the performance of your code
it would be just a matter of time before someone makes/finds a decompiler for that obfuscation method
I wouldn't consider a good practice to rely on the security of your client code. Even if the code couldn't be decompiled, the swf is run on the client and communicates with the Internet via a network connection the user has access to. The packets can be sniffed and all the data that's being transfered can be easily analyzed.
I think you should find a way to develop a secure application, even considering that the client knows everything you do. You should try to use server-side constraints and filter all inputs before using them. Also, requesting all the sensitive data from a server-side script, instead of embedding it in your AS code could be a good start.