Bunchball Developer Wiki

 

Flash Connector

Page history last edited by Rajat Paharia 1 week, 1 day ago

The Flash Connector enables Flash content to securely connect to a Nitro Server and call any API methods, including IP whitelisted ones.

 

You may have Flash content in your website or your application that you want to have fire Nitro events, credit or debit points, etc. Normal HTTP calls to the Nitro Server from Flash content will work for read-only methods, but will fail for all IP whitelisted "write" methods. If you'd like the ability to call IP whitelisted API methods from your Flash content, use the Flash Connector. The Flash Connector requires Flash Player version 9.0.115.0 or higher. All the steps provided below are taken in order to secure your content, so that end users or other parties can't fire events or credit/debit points on their own behalf.

 

ActionScript 3

Download a Sample

 

ActionScript 2

Download a Sample

 

  1. Create your Flash content.
  2. Get a Content ID. Go into the Admin UI, and go to the Site > Security Tab. In the Content Urls section, add in the full path to your SWF file. While developing on your local machine, this might look like this on a PC: 

    file:///C|/Documents%20and%20Settings/Mister%20Mac/My%20Documents/games/sudoku.swf.

    To see what the exact path is, trace out _level0._url in your Flash movie. Once the swf is uploaded to your server, the path will look like this:

    http://www.mysite.com/games/sudoku.swf.

    You can change the path or add a new one at any time. Make a note of the Content ID that is assigned to your SWF. You will need to pass this ID in when loading the Flash Connector.

  3. Pick which connector to load. The Flash Connector is a swf that you load into your swf that acts as a secure proxy between your swf and the Nitro Server. It can be loaded using any of the normal Flash methods for loading in another movieclip. You will need to load the proper one, depending on which version of ActionScript your swf is written in. The Flash Connector for AS2 can be loaded from:

    PATH TBD

  4. Set Security Settings. Immediately before your call to load the connector, you must call:

    System.security.allowDomain(PATH TBD);

    This enables the Flash Connector to call back into your swf with the results of Nitro method calls.

  5. Load the Flash Connector into a movieclip. In order to load the Flash Connector you will need to provide the following arguments, appended as part of the querystring to the path above:
    1. server: your Nitro endpoint
    2. apiKey: your apiKey
    3. userId: the current user's userId
    4. timeStamp: the timestamp used to compute the signature
    5. signature: a signature computed with your site's secret key. This should have been computed on your server, since you never want to embed your secret into anything that gets delivered to an end user.
    6. contentId: The Content ID that was assigned to your swf in the Admin UI.
    7. callback: The name of a function in your swf to be called when the Connector is ready. It should take a single argument, a string that indicates the status code.
  6. Check the callback. Once the connector is loaded, it will call the function specified in callback with a status code. If the connection to the Nitro Server was successful, the status code will be CONNECTED. If it was unsuccessful, the the status code will indicate what the problem is. Once you are connected to the Nitro Server, you can start calling Nitro methods.
  7. Call Nitro methods. You call Nitro methods by calling the nitroCall method on the movieclip that you loaded the connector into in Step 5. The nitroCall method takes two arguments, an object containing all the method arguments, and a callback function. Here's an example of how to call a Nitro Method when the Connector was loaded into a movieclip called nitroConnector, and the function showResult will be called with the XML from the Nitro server.

        var nitroCall_obj:Object = { };
        nitroCall_obj.method = "user.getPointsBalance";
        nitroCall_obj.userId = "213751";
        nitroConnector.nitroCall(nitroCall_obj, showResult);

     

  8. Download this sample to see a live example.

 

 

Other security considerations

Note that while the Flash Connector addresses many of the security issues inherent in using Flash, it does not address the ability for users to use in-memory editors like CheatEngine to alter scores or other Flash variables in memory. To prevent users from doing this, we recommend using an in-memory cryptography library, and always using it to store any variables that might impact a user's point total, leaderboard, status, etc.

 

ActionScript 3: Download and use Mike Grundvig's MemoryCrypto library. (or download from our server).

ActionScript 2: We ported Mike's library to AS2. Download it here.

Comments (0)

You don't have permission to comment on this page.

Printable version
 
Anonymous Create an account or Log in