4 Replies Latest reply on Sep 14, 2011 3:50 AM by lhbacker

    Prevent Flex Module from making Internet calls

    lhbacker

      Hello,

       

      I'm trying to figure out if it is possible to limit a Flex module that I load from a remote location from accessing the Internet directly.  It looks like I could only load it into the loader's security domain or its own remote domain... both of which would allow Internet connections to be made from it.  Does anyone have an idea of how I could enforce this limit?

       

      Thanks!

      Lisa

        • 1. Re: Prevent Flex Module from making Internet calls
          Flex harUI Adobe Employee

          A Module must be loaded into a child applicationDomain so it can't be sandboxed from the rest of the app.  A sub-Application can be loaded into its own security domain.

          However, I don't know of any way to prevent it from accessing the internet.

          What problems are you concerned about?  There might be a way to mitigate particular scenarios.

          1 person found this helpful
          • 2. Re: Prevent Flex Module from making Internet calls
            lhbacker Level 1

            First of all - thanks for writing back so quickly!

             

            I thought that may be the case - it makes sense.  I'm working with someone who wants to load third-party Flex modules but then force them to communicate using their own communications interface to enforce secure protocols and encryption.  They don't want the third-party Flex module to use a more lax security protocol than they define.  At the same time - they want a Flex module because they want to take advantage of sharing RSLs, etc. and the smaller file sizes that modules can provide.  Any ideas come to mind?  This one is definitely stumping me.  It's not too late for me to turn away from modules if there is another way to enforce this with a sub-application.

             

            Lisa

            • 3. Re: Prevent Flex Module from making Internet calls
              Flex harUI Adobe Employee

              I can't think of any way to prevent someone from adding a call to URLLoader, Sockets or NavigateToURL from their SWF or detect that they are making such a call.

              You could scan the SWF to see if someone is making those calls and refuse to load the SWF.

              If you have a custom communications mechanism, the best you can probably do is have that mechanism display some UI somewhere similar to the lock icon in the browser.  Then if the SWF does not use that mechanism, the UI won't show that it is secure.  If you then use sub-apps loaded into separate security domains, the SWF will not be able to fake that UI because it won't have access to your display list.

              1 person found this helpful
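The pre-load scan suggested in reply 3, as an added Python example that is not part of the thread or of any Adobe tooling: it walks the SWF's tags and flags `URLLoader`, `Socket` or `navigateToURL` names inside the ActionScript bytecode (DoABC) tags. The function names and the refuse-on-parse-error policy are assumptions of this example.

```python
import struct
import zlib

# API names mentioned in the thread; tags 72 and 82 (DoABC) carry ActionScript 3 bytecode.
NETWORK_APIS = (b"URLLoader", b"Socket", b"navigateToURL")
DOABC_TAGS = {72, 82}

def swf_body(data):
    """Return the uncompressed bytes that follow the 8-byte SWF header."""
    if data[:3] == b"FWS":
        return data[8:]
    if data[:3] == b"CWS":                      # zlib-compressed body
        return zlib.decompress(data[8:])
    raise ValueError("unsupported signature")   # includes LZMA 'ZWS' files

def iter_tags(body):
    """Yield (tag_code, payload) for each tag after the movie header."""
    nbits = body[0] >> 3                        # RECT: 5-bit width, then 4 fields
    pos = (5 + 4 * nbits + 7) // 8 + 4          # RECT bytes + frame rate + frame count
    while pos + 2 <= len(body):
        (head,) = struct.unpack_from("<H", body, pos)
        pos += 2
        code, length = head >> 6, head & 0x3F
        if length == 0x3F:                      # long header: length is the next 32 bits
            (length,) = struct.unpack_from("<I", body, pos)
            pos += 4
        if pos + length > len(body):
            raise ValueError("truncated tag")
        yield code, body[pos:pos + length]
        pos += length
        if code == 0:                           # End tag
            return

def network_apis_in_swf(data):
    """Return the sorted API names referenced in the SWF's bytecode tags."""
    found = set()
    for code, payload in iter_tags(swf_body(data)):
        if code in DOABC_TAGS:
            found.update(n.decode() for n in NETWORK_APIS if n in payload)
    return sorted(found)

def should_refuse(data):
    """Assumed policy: refuse a SWF that names these APIs or cannot be parsed."""
    try:
        return bool(network_apis_in_swf(data))
    except (ValueError, zlib.error, struct.error, IndexError):
        return True
```

A name match only catches direct references: a module can reach the same classes through names assembled at run time, so a clean scan is a filter and not proof that the SWF makes no network calls.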
              • 4. Re: Prevent Flex Module from making Internet calls
                lhbacker Level 1

                Thanks - that's a creative idea.  I'll run it past the application decision makers.  Thanks!