At 9/15/09 11:41 PM, ImpotentBoy2 wrote:

At 9/15/09 11:15 PM, hdxmike wrote: function onEnterFrame(){
if (rewind==true){prevFrame();}
else if{ (rewind==false)play();
}}

function onEnterFrame(){
if (rewind) prevFrame();
else play();
}

or

function onEnterFrame(){
( rewind ? prevFrame : play)();
}

i know this post is useless but theres like 3 personal pet peeves in your code

I wouldn't recommend leaving off the curly braces as it can be a pain in the ass forgetting to put them back in after you expand that one line into 2.

Not many people know about this....
http://livedocs.adobe.com/flash/9.0/main /wwhelp/wwhimpl/common/html/wwhelp.htm?c ontext=LiveDocs_Parts&file=00004548.html

It would be a little complicated but you could achieve this by creating a movieclip that is basically the main entity that holds all the little blips. Then you would create a second movieclip message node that has a dynamic text box in it. Put an instance on the dynamic text box. Duplicate the message node and add the text to the dynamic text box. get the height from this. Add it to an array. Then iterate through all of the nodes in the array and decrease their y = y - height of new node. I basically structured it for you but im too tired to make it right now. Hope this might be some help to you making it yourself.

It is meant for high end graphics cards/pci devices that require extra power.

You can try to blur the image by 1.5 or so and that should smooth it out a little bit. Might be a tiny blurry but it will hide most of the choppiness.

I'm pretty sure the problem is here....
:: ax = _root._xmouse-(_root._x+this._x);

ay = _root._ymouse-(_root._y+this._y);

Try changing the signs from addition to subtraction (or vice versa) in some of the values here.

Cross domain file is basically just a permission slip from the server that allows it to connect from a domain other than the server. For example, if I have a game that uses sockets to connect to www.mypage.com but it is really located on www.bobspage.com, it would need to access the cross domain file first before it would successfully connect to the socket server at mypage.com. i believe the same is applied for the load variables feature in flash.

You don't "find" actionscript. You write it yourself. You also might want to read up on a few books about programming structures or about actionscript. Might want to wait a few years as it will be frustrating and hard for a little 13 year old brain.

At 9/9/09 06:44 PM, apeskape wrote: Are you using _root.mouseX?

That was stupid of me, didn't see the code for player.

Are you using _root.mouseX?

But why on earth would something decrypt like that? Do you have a simple example?

Well, I believe the reason is that each one is written differently. Since as2 bytes are accessed -127 / 127 and java bytes are accessed 0 - 256 it might be the root of the problem. I encountered this using RC4 encryption algorithm with flash / java.

Its a chat/game client/server system, so I'm not worried about too much "real" time response. I'd have to test, of course.

If it is merely a game, i really wouldn't worry about encryption unless there are transactions involved. Or perhaps you could only encrypt the important messages involving score changes or something.

Eh, well, the way I "envisioned" this is that decryption on the server side would always be the same. And public keys for ActionScript would be set during the initial server-client response and not change for that session. My socket connections are persistent, and I iterate over lists of them in separate threads to see which ones need a new request/response thread. So the public key would just be stored with the stream and accessed by the request/response thread. Why would the key need to be changed each time? Why not for each client?

It depends entirely on how you implement it. If you have a dynamic key that changes packet to packet for each client, you will have to generate the key each time it changes. If each client has a different key, and that key stays static, then you just generate it and it is stored in the memory.

Having never done anything with MD5 or SHA I'll have to look those up.

They are very quite simple. You just input a byte array or string and it will digest it and return a hash like m1abnt2nbw4mkasd4.

Here's my question on MD5 and SHA though with passwords. The idea here is that I store something in my database, apparently this should be the salted encrypted password. At what point in this process is recommended to do this.

Ok the standard way most people manage passwords goes like this. The account is created, the password is hashed and then placed in the database. When the account tries to log in, the password provided by the client is hashed and compared to the original. If it matches, then grant them access. If it fails, tell them they have the wrong password. If they forget their password, you generate a random key most likely using MD5 or SHA, store it in a database, and send an email to the user account. Once they click the link, it will bring them to a secured page in which they will be allowed to type a new password in and the process starts from the beginning.

If I do it in the client, then this new salted thing becomes the actual password and a hacker only needs to submit that value to my server.

If I salt and hash it on the server end, then again, all they need to do is get the real password in transit and pass it on.

If a hacker has access to ALL of the transmissions between the client and the server, that client has more to worry about than the password to his account being compromised. What you can do to prevent this, is to hash the new password on the server end once with a salt, and a second time with another different salt. Then when the client types his password and clicks log in , it will hash the password with the first salt, the server then recieves the message, hashes it again, compares it to the original. This will keep the password safe in transit to the server without revealing the true way you hash passwords on the back end.

It seems no matter what sha/md5 doesn't actually protect except against when users can see the passwords in my database or before it moves in transit so that they can enter it into the client themselves.

These digest algorithms are a one way encryption, meaning you encrypt it and you cant unencrypt it. It is good for something like password storage as you do not want a hacker to acquire unencrypted passwords as most idiots on the internet use the same password for every site and online bank account. This is basically just security for the mass amount of clients in case of a breach in security of the database. If you don;t properly secure these and someone can prove gross negligence, you could be sued.

What added bonus is there to doing this if I'm already using something along the lines of RSA, which, btw, apparently isn't worth using anymore?

Just because the big wigs say it shouldn't be used doesn't mean its obsolete. For what you are doing you don't need top of the line online banking SSL encryption. The only person that would be able to crack an RSA encryption is the kind of person that would want to get paid for it. IE they want to steal credit card numbers. For what you are using it for however, it is fine. I believe the only real attacks on RSA are brute force or partial decryption and these take a very long time to perform. They could most likely obfuscate and reverse engineer your game before they cracked it, unless they figured out what the key was.

One more point i want to make, even if they crack your packet encryption, what will they do then? Think about it. Are they just going to cheat or post a really high score on a high score list or something trivial like that? Just make it so your server has some logic when processing the packets from the clients. Make it so it knows when a movement packet has exceeded a certain amount of distance in a set amount of time, and flag that user that they are warp hacking. Just create basic back end logic to counter the cheaters and it would be more than enough.

I had the same problem as you. First, let me start out by saying that no encryption is 100% safe. No matter how tough you make it to crack, there will always be someone out there that can do it. All you can hope for is that you make it difficult enough to deter 99% of the people who try.

Second, another issue you are facing is the mere structure of encryption itself. In most situations you are trying to keep a message encrypted to all but the sender and the receiver. In your case however you are trying to keep it protected from the client as well which creates even more of a problem.

There are also some issues you haven't encountered yet, but you will soon find out when you start working on one. For example, encryption algorithms written in flash most often behave slightly differently than those written in other languages just because of some minor limitations of actionscript. for example, the real string "ABCDEFG" might get decrypted as "ABC%@FG".

Another issue is that when sending this information over sockets, the zero byte "\x00" is the termination character for a message. Many encryption methods use bytes 0 - 256 so some messages might be cut short if a byte like this happens. A workaround for this is to pack the string as hex characters, but then you are doubling the bandwidth required for your messages.

One more issue is performance. Encryption generally doesn't use much cpu on its own. But when it comes to processing a few hundred messages per second and each one requiring a new key to be generated for each instance, you can expect some performance decreases.

As for the client being decompiled; Even if you obfuscate the SWF, someone can still retrieve the key if its stored in a plain string in the SWF. I recommend using a public/private method as you suggested, and change the key upon each transmission.

Failing to use any adequate digest or encryption on passwords is quite stupid. I believe it is even illegal in some situations. Use a simple MD5 or SHA with a very very big / dynamic salt. Perhaps one that changes dynamically depending on the length of the password.

I'm gonna cut the post short here as im tired. If you have any more questions I'll try my best to answer em.

wordList = new Array();
wordList[0] = "Cow";
wordList[1] = "Cow";
wordList[2] = "Cow";

textBox.text = wordList[random(2)];

At 9/2/09 11:55 PM, RottenMilk wrote: I was just wondering how i would implement the A* pathfinding algorithm in a continous environment :and by that, I mean not tile based.

The A* algorithm is entirely grid/tile based. You will need a grid with mapped out collision tiles for it to work. It is very intensive on the cpu as well so keep this in mind. I would recommend a point based pathfinding system instead.

The error you are getting, Error #2006 means that the array you are accessing, (getChildAt) is out of bounds. Basically this means you put in a number into getChildAt() that exceeded the number of children. I would recommend you check spel.numChildren and don't exceed that number -1.

Just do:
var myVariable:int = 1;
var myVariable:int;
var myVariable;

Either one of these 3 will work in AS3, and they should work in as2 as well. If not change int to number. When you use _root.myVariable you are basically defining that the location the variable is at is in the root of the movie, or the highest level.

http://uppit.com/v/81P8PFHA
Its encrypted ill private message password. Hope you got winrar.

I would check out http://blossom-server.com/ if you are interested in making a socket server in php.

I think you might be missing the most important job for your project.

When I hit submit it says service unavailable. So I'm not too sure if it went through or not. Might be something you should look into though.

I believe what you are trying to do is escape the double quotes so that they don't end the string. Use a forward slash to escape the character.

var myString = " abcd... \" this quote will not mark the end of the string. ";

Google nullsoft installer.

The only overhead that (might) occur would be with the OS type and whether it is 32/64. Even then its a big maybe and you shouldn't really worry that much about thread overhead. Personally I have done my own tests with over 2000 simultaneous threads and haven't noticed a single hiccup. The only thing that should concern you with this sort of architecture is thread safety and DOS attacks.

For example, if someone wanted to crash your server, they could just spam a bunch of socket connections to your server and there could be a potential that it would block connections to other connecting users or cause some sort of conflict with the creation of the thread. Another possible attack could be that a malicious user tries to tie up all your socket connections. If you don't have the socket timeout implemented (Like i posted earlier) your server will not be able to bind any other sockets as all of them would remain in use and wouldn't time out. Thus no one would be able to connect.

Either way, these are a few security holes that you most likely wont have to deal with, but it would be a good idea to try to prevent them.

I saw something like this a while ago. I'm working with Flash 8, however... Is it a flash player issue, or is it the compiled version that causes this to happen? I thought the older versions of flash didn't support that.

You are correct, the older versions do not support this, but a majority of browsers have flash player 8+ and this version actually requires the cross domain policy.

Thanks for the warning! Currently I am doing something like that. Everytime a new connection occurs I create a new thread instance. I'm worried this might be very inefficient, but its what made sense to me at the time. When the user closes the window the thread exits, but I don't null it out, as of yet. I'll have to do that even though I don't think there are any remaining references to it. I should most likely have closed it regardless, but I haven't done that either.

This might be ideal for a simple chat application but as soon as these threads interact with other variables you are going to have problems unless you thread-safe your code. Look here....

http://www.artima.com/designtechniques/t hreadsafety.html

Also, if you plan to go about this route of management make sure you stop the thread too as calling out too many threads can potentially cause problems on different operating systems.

I've picked games that shouldn't need "instantaneous" response times, so I'm not too worried on this point.

It shouldn't be that hard to implement, i recommend adding it in anyway as it should increase the response time of the server.

I didn't know much about it before, aside from the basic idea, but it seems to be working fine now. :)

Hehe, make sure you try and catch some of the main methods of code and once you stress run your server you will eventually see a couple array out of bounds exceptions occasionally. This means 2 or more threads have tried to access a resource at the same exact time. Don't touch threading with a 20 foot pole unless you are ready to dedicate numerous hours troubleshooting and planning.

I am too working on a threaded socket server in java intended for an upcoming project. I have some tips that might help you out....

If the flash applet is going to be viewed in the webpage, you need to have the cross domain policy setup. This is basically a stupid security protection adobe made so a website can't create a rouge applet that floods tcp socket connections to a server. Anyway, when the applet connects to the server, It will send something like <cross-domain-policy-request/> or something similar. In order for the flash applet to successfully receive messages, the server has to respond to that message with something like.....

public static String policy = "<cross-domain-policy>\n<allow-access-from domain=\"*\" to-ports=\"1234\"/>\n</cross-domain-policy>";

Note: the double quotes have been escaped in this java string so you can copy this right into your project.

Next, you need to have a very systematic way to manage sockets. IE array lists or a large array. If you don't manage them properly and null the object when the socket is finished, there is a chance that the garbage collector wont clear the used memory, thus you will have a very inefficient server that will require frequent restarting.

Another good tip would be to use.....

socket.setSoTimeout(1);
                socket.setTcpNoDelay(true);

Look up the javadocs about these two if you want any extra info but basically these are critical when writing a high performance server for a game or something that requires fast socket reads.

Finally, if you aren't using threads, consider making your project multi-threaded, as you can handle a whole lot more clients (at least double the amount) If you create threads for separate tasks. But if you have no clue about threading and synchronization, then don't bother as this will be hell.

I can't really recommend any books as I have learned these things from trial and error and through lots of experimentation. If you have any other questions feel free to PM them to me or something.

Get the NetBeans IDE, its made by the people who make java, so it has everything you need. Then get a nice book on Java or read some tutorials. It has the compiler built in I think, so it keeps it simple and you don't need to set the classpaths or use command line and all that garbage.

Layers determine what will be placed in what order... Think of layers as a deck of cards. Layers higher up are basically cards near the top of the deck. Lower ones are at the bottom and are covered by higher ones. Tweens can be accessed by placing two keyframes(with different content) separated by a span of frames. might look like [o][--------------------][o] right click on any of the frames in the middle and select your tween.

I would recommend picking up a book that teaches you the basics on flash. Might take you a few days to read through but it is necessary for all beginners. If you are interested in more advanced Action Scripting, pick one up on AS2 or AS3.

Although this would be a little extreme, it wouldn't allow anyone to steal your SWF. You could use AS3 and utilize the binary sockets to stream the SWF to a shell SWF. That way, the file isn't stored in the browser's cache (as it isn't an http action). The only downside to this is that you need to program a file socket server that serves the purpose of merely sending out SWFs.

Perhaps increasing the length of the last frame and make sure you haven't overridden the function with one that has the same name.

You should get in the habit of using the

<?php

starting tag instead.