ActionScript security utils

ActionScript 3 Security Utilities

ActionScript 3 Security Utilities provides some common solutions for security.

            +--------------------------------------------+         +------------------------------------------+
            |       ^        page.com/page.html    + +   |         |    assets.cdn.com/FILE                   |
            |-------|------------------------------|-|---|         |------------------------------------------|
            |       |                              | |   |         |                                          |
            |      (1)                            (2)|   |         |                                          |
            |       |                              | |   |         |                                          |
            | +-----|------------------------------|-|-  |         |                                          |
            | |     +         swf.com/flash.swf    v +------(3)--->|     FILE:                                |
            | |----------------------------------------| |         |        * flash.swf //swf files           |
            | | * Security.allowDomain                +------(4)------->    * image.jpg //image files         |
            | | * Security.allowInsecureDomain         | |         |        * data.xml  // text files         |
            | | * localConnection.allowDomain         +-----(6)--------->   * other     // other files        |
            | | * localConnection.allowInsecureDomain || |         |                                          |
      +-------->                                      +-------+                                               |
      |     | |    ^                                   | |    |    |                                          |
      |     | +----|-----------------------------------+ |    |    |                                          |
      |     |      |                                     |    |    |                                          |
      |     |      |                                     |    |    |                                          |
      |     |     (5)     * allowscriptaccess            |    |    |                                          |
      |     |      |      * allownetworking              |    |    |                                          |
      |     |      |                                     |    |    +------------------------------------------+
      |     | +----|-----------------------------------+ |    |
      |     | |    +    swf2.com/flash2.swf            | |    |
      |     | +----------------------------------------+ |    |
      |     |                                            |    |
      |     +--------------------------------------------+    |
      |                                                       |
      |                                 +---------------------|------------------+
      |                                 |      LOCAL          +                  |
     (5)                                |----------------------------------------|
      |                                 |                                        |
      |                                 |         LOCAL                          |
      |                                 |           * file.air                   |
      +-----------------------------------+         * file.swf                   |
                                        |           * other                      |
                                        |                                        |
                                        |                                        |
                                        |                                        |
                                        +----------------------------------------+

About "whitelist.xml"

The format is similar to a cross-domain policy file:

Element specification

The root element name is not required.

allow-access-from

  • allow-access-from grants a requesting domain access to read data from the target domain
<?xml version="1.0" encoding="utf-8" ?>
<domain-policy>
	<allow-access-from domain="kingfo.github.com"/>
</domain-policy>
  • Multiple domains can be given access with one allow-access-from element by using a wildcard (*).
<?xml version="1.0" encoding="utf-8" ?>
<domain-policy>
	<allow-access-from domain="*"/>
</domain-policy>
<?xml version="1.0" encoding="utf-8" ?>
<domain-policy>
	<allow-access-from domain="*.github.com"/>
</domain-policy>
  • Child of root element
Attributes
domain

Specifies a requesting domain to be granted access.

  • Both named domains and IP addresses are acceptable values.
  • Subdomains are considered different domains.
Matching rule
  • Individual named domains or subdomains must match exactly.
  • Explicit IP addresses do not match named domains, even if they refer to the same host.
  • Domain wildcards, such as *.example.com, match both the domain alone and any subdomains.
  • An overall wildcard (*) allows access by all requestors and is not recommended.
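
The matching rules above, as an added JavaScript example (not code from this project; the function names and the sample whitelist are constructed for illustration). It reads the domain attributes with a regex, which is a simplifying assumption; a production loader should use a real XML parser.

```javascript
// Constructed sample whitelist; the root element name is arbitrary.
const SAMPLE_WHITELIST = `<?xml version="1.0" encoding="utf-8" ?>
<whitelist>
	<allow-access-from domain="kingfo.github.com"/>
	<allow-access-from domain="*.example.com"/>
	<allow-access-from domain="192.0.2.10"/>
</whitelist>`;

// Collect the domain attribute of every allow-access-from element.
// Assumption: flat, well-formed input, so a regex is sufficient here.
function parseWhitelist(xml) {
  const re = /<allow-access-from\s+[^>]*?\bdomain\s*=\s*"([^"]*)"/g;
  const out = [];
  let m;
  while ((m = re.exec(xml)) !== null) out.push(m[1].trim().toLowerCase());
  return out;
}

// Apply the matching rules to one whitelist pattern and one requesting host.
function domainMatches(pattern, host) {
  host = String(host).trim().toLowerCase();
  if (host === "") return false;
  if (pattern === "*") return true; // overall wildcard: every requestor
  if (pattern.startsWith("*.")) {
    const base = pattern.slice(2);
    if (base === "" || base.includes("*")) return false; // malformed wildcard
    // Matches the domain alone or any subdomain, never a mere string suffix.
    return host === base || host.endsWith("." + base);
  }
  if (pattern.includes("*")) return false; // wildcard only as the leading label
  return host === pattern; // exact match; an IP never equals a hostname
}

// True when any whitelist entry admits the requesting host.
function isAllowed(host, patterns) {
  return patterns.some((p) => domainMatches(p, host));
}

// Entries a reviewer should flag: the overall wildcard is not recommended.
function overallWildcards(patterns) {
  return patterns.filter((p) => p === "*");
}

const demoRules = parseWhitelist(SAMPLE_WHITELIST);
for (const h of ["example.com", "a.example.com", "evilexample.com", "github.com"]) {
  console.log(h, isAllowed(h, demoRules));
}
```
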

All Tests

http://kingfo.github.com/as3security/test/Runner.html

Quick Start

About github markdown?

https://github.com/mojombo/github-flavored-markdown/issues/1