5 Replies Latest reply on Sep 12, 2006 12:48 PM by Newsgroup_User

    sql inside flash / security

    Level 7
      hi

      i have four questions...

      1 - it is possible to use sql inside flash? how? where i can found
      information about this kind of operation?
      2 - how the best way to send data to a sql database via flash?
      3 - i know that is possible do "decompile" a swf file. in this case, how to
      prevent a user to see the information that is writed in flash code?
      4 - there is a way to send data without use the flash "forms"? whitout use a
      submit button (via get/post method)? i need to send data to asp file without
      use post or get....

      thanks

      Gustavo


        • 1. Re: sql inside flash / security
          Level 7
          You can put SQL commands inside of Flash, but there are many options for
          actually connecting to a data source with some sort of server-side
          programming. Most likely though, you wouldn't want the entire command in
          Flash, rather you would pass variables to a server-side app that would
          create the SQL call for you based on the variables you gave it. This is much
          more flexible.

          You can handle getting/passing of the data from Flash in these ways (maybe
          not all possiblities):

          1. URL encoding - pass data too and from flash via URL parameters
          (page.asp?productID=50...)
          2. FlashVars - written at runtime with server-side code
          3. LoadVars - point to a server-side app that returns URL encoded variables
          4. XML - Using sendAndLoad() metho
          5. AMF (Flash Remoting)
          6. Web Services

          I have used all of them and since i'm a ColdFusion guy, Flash Remoting is a
          snap, allows for complex data types instead of strings like the others, and
          packets are much smaller than Web Services or XML.

          Preventing someone from decompiling is difficult, but take a look at Flash
          encryption tools like ActionCrypt and Flash Incrypt.

          Depending on the route you choose to connect to server-side resources, there
          are several books on each topic.

          Here are some I have:
          Flash MX2004 for RIA
          XML for Flash
          Complete Flash Remoting

          Hope this helps

          Chris


          • 2. Re: sql inside flash / security
            Level 7
            ok++!
            thanks!!!!
            just type the sql commands inside a frame action?
            and the connection with server database??
            how i do the connection with database?
            do you know that?

            gustavo


            "Christopher Hayes" <chris.hayes@maritz.com> escreveu na mensagem
            news:ee6qrt$gti$1@forums.macromedia.com...
            > You can put SQL commands inside of Flash, but there are many options for
            > actually connecting to a data source with some sort of server-side
            > programming. Most likely though, you wouldn't want the entire command in
            > Flash, rather you would pass variables to a server-side app that would
            > create the SQL call for you based on the variables you gave it. This is
            > much more flexible.
            >
            > You can handle getting/passing of the data from Flash in these ways (maybe
            > not all possiblities):
            >
            > 1. URL encoding - pass data too and from flash via URL parameters
            > (page.asp?productID=50...)
            > 2. FlashVars - written at runtime with server-side code
            > 3. LoadVars - point to a server-side app that returns URL encoded
            > variables
            > 4. XML - Using sendAndLoad() metho
            > 5. AMF (Flash Remoting)
            > 6. Web Services
            >
            > I have used all of them and since i'm a ColdFusion guy, Flash Remoting is
            > a snap, allows for complex data types instead of strings like the others,
            > and packets are much smaller than Web Services or XML.
            >
            > Preventing someone from decompiling is difficult, but take a look at Flash
            > encryption tools like ActionCrypt and Flash Incrypt.
            >
            > Depending on the route you choose to connect to server-side resources,
            > there are several books on each topic.
            >
            > Here are some I have:
            > Flash MX2004 for RIA
            > XML for Flash
            > Complete Flash Remoting
            >
            > Hope this helps
            >
            > Chris
            >


            • 3. Re: sql inside flash / security
              Level 7
              If you have no sever-side (.NET, ColdFusion, PERL, etc.) programming
              experience, I would say that this is going to be a very long and arduous
              task.

              You'll need to know a server-side programming language, SQL Server (or
              similar), SQL Syntax, and knowledge of how to handle the data once inside
              Flash.

              Not exactly something you can just learn from a single post.

              That being said your best bet would be to grab a copy of one of the books I
              listed and start reading.

              You can practice connecting to Web Services (if that's the way you go) with
              some freebies on xmethods.net, so that you can get familiar with the syntax,
              event handlers, etc. that you will need to use in your app.

              Good luck.


              • 4. Re: sql inside flash / security
                Level 7
                uhm...
                i was thinking in write the sql commands direct inside a frame action

                i know the commands that i need to use for my tests (selects, inserts, joins
                and other commands)
                ... i builded a .asp that does the same actions and works nice....
                but... inside flash... without a direct ado connection.... doenst work for
                me....

                i need something that i can send, data directly to the database.... i dont
                want to receive any data from db... just send....
                without any "interfaces" or any "intermediate" structures like xml.....

                but.... thanks again!!!!
                i will try to find a way ...
                ehehe!

                gustavo

                "Christopher Hayes" <chris.hayes@maritz.com> escreveu na mensagem
                news:ee6tss$kij$1@forums.macromedia.com...
                > If you have no sever-side (.NET, ColdFusion, PERL, etc.) programming
                > experience, I would say that this is going to be a very long and arduous
                > task.
                >
                > You'll need to know a server-side programming language, SQL Server (or
                > similar), SQL Syntax, and knowledge of how to handle the data once inside
                > Flash.
                >
                > Not exactly something you can just learn from a single post.
                >
                > That being said your best bet would be to grab a copy of one of the books
                > I listed and start reading.
                >
                > You can practice connecting to Web Services (if that's the way you go)
                > with some freebies on xmethods.net, so that you can get familiar with the
                > syntax, event handlers, etc. that you will need to use in your app.
                >
                > Good luck.
                >


                • 5. Re: sql inside flash / security
                  Level 7
                  I would use the same method like you did with asp page, but just send it
                  parameters that will build the SQL query for you and return data.

                  So if you pass somepage.asp?var1=something&var2=something....

                  you can check those URL parameters in ASP and build the query like this (not
                  exact code, but example)

                  var recordID = request.QueryString[var1];
                  var whatever = request.QueryString[var2];

                  then build the query....

                  var myQuery = ("SELECT FROM tblName WHERE recordID = " + recordID);
                  return myQuery

                  ...something like that.

                  If you are looking to connect directly to SQL from Flash - you can't do it
                  on a Web app, but if you are doing an application that runs on the desktop
                  or from CD, you can use Zinc v2 to connect directly to an Access or MySQL
                  database.

                  Enjoy!

                  Chris