Flex Ajax Bridge

The Flex Ajax Bridge (FABridge) is a small code library that you can insert into an Flex application, a Flex component, or an empty SWF file to expose it to scripting in the browser.

Rather than having to define new, simplified APIs to expose a graph of ActionScript objects to JavaScript, with FABridge you can make your ActionScript classes available to JavaScript without any additional coding. After you insert the library, essentially anything you can do with ActionScript, you can do with JavaScript.

Adobe Flash Player has the native ability, through the External API (the ExternalInterface class), to call JavaScript from ActionScript, and vice versa. But ExternalInterface has some limitations:

• The ExternalInterface class requires you, the developer, to write a library of extra code in both ActionScript and JavaScript, to expose the functionality of your Flex application to JavaScript, and vice versa.
• The ExternalInterface class also limits what you can pass across the gap - primitive types, arrays, and simple objects are legal, but user-defined classes, with associated properties and methods, are off-limits.
• The ExternalInterface class lets you define an interface so your JavaScript can call your ActionScript. FABridge lets you write JavaScript instead of ActionScript.

When to use the Flex Ajax Bridge

The FABridge library is useful in the following situations:

• You want to use a rich Flex component in an Ajax application but do not want to write a lot of Flex code. If you wrap the component in a FABridge-enabled stub application, you can script it entirely from JavaScript, including using JavaScript generated remotely by the server.
• You have only one or two people on your team who know Flex. The FABridge library lets everyone on your team use the work produced by one or two Flex specialists.
• You are building an integrated rich Internet application (RIA) with Flex and Ajax portions.Although you could build the integration yourself using ExternalInterface, you might find it faster to start with the FABridge.

Requirements for using the Ajax Bridge

To use the FABridge library and samples, you must have the following:

• Flex Ajax Bridge, which is included in the following directory of the Flex 3 SDK installation:

  installation_dir\frameworks\javascript\fabridge

• Adobe Flex SDK
• Adobe® Flash® Player 9 or Adobe® AIR™
• Microsoft Internet Explorer, Mozilla Firefox, or Opera with JavaScript enabled
• Any HTTP server to run the samples

To run the samples:

1. Browse to the files found within the installation_dir\frameworks\javascript\fabridge
2. Place the src and samples folders side by side on any HTTP server.
3. Open a web browser to http://yourwebserver/samples/FABridgeSample.html and samples/SimpleSample.html and follow the instructions there. Make sure you access the samples through http:// URLs and not file:// URLs. The Flash Player security sandbox prevents them from working correctly when they are accessed as local files.

Courtesy.. Flex LiveDocs

SCROM, AS3 MIX QUESTIONS

1. How to access the CDATA tag data from xml in AS2 and AS3.
2. What is the difference between data fetching process from xml in AS and AS3.
3. What are the commonly used LMSs.
4. What is the latest version of SCORM. Which LMS is using the latest version of SCORM.
5. What are the differences between the AICC standards and SCORM standards.
6. What are differences between scorm 1.2 and 2004.
7. How we suggest the client to go for which version of SCORM.
   
8. What is the most widely used SCORM version.
9. What is the use of adobe presentor.
10. How we include the WMV format video in our courses.
11. What are the basic things which needs to be take care of when developing the CORM compliant Courses.
12. If we want to design an SCROM compliant course in flash how we move ahead.
13. Can we design the complete course in flash or we need some other technology or language for designing.
14. Can we make a complete course in adobe captivate.
15. What r basic architectures we follow in designing the e-learning courses.
16. What is the difference between the function of scorm 1.2 and 2004.
17. what is the use of remote client and media servers in the e-learning.

Will you dance with me tonight..

It’s been so long
Since I’ve known right from wrong
Got no job, sometimes I just sit down and sob
Wondering if anything will go right
Or will you dance with me tonight

When the sun departs
I feel a hole down in my heart
Put on some shoes
Come down here and listen to the blues
Wondering if anything will go right
Or will you dance with me tonight

I’m looking at you
You’re looking at me
We’re the only two off the dance floor
Do you see what I see
Two broken lives working in harmony
Might make for a decent time
So get up and dance with me

I know that it seems that the grass will grow
Better on the other side of the barb wire fence
But that other side is not in sight
So I’m fine with what I have now
If you’ll dance with me tonight

What’s the point of life
If risk is just a board game
You roll the dice
But you’re just hoping that the rules change
What’s the point if you can’t bring yourself to say
Things you wanna say like
Dance with me tonight
Courtesy-- Music And Lyrics.. Hugh Grant...

Local Shared Object

LSO, a bigger better cookie

Local Shared Object (LSO) or Flash cookie, like the HTTP cookie, is a way of storing information about us and tracking our movement around the Internet. Some other things I learned:

• Flash cookies can hold a lot more data, up to 100 Kilobytes. A standard HTTP cookie is only 4 Kilobytes.

• Flash cookies have no expiration date by default.

• Flash cookies are stored in different locations, making them difficult to find.
  
  The only way you can access information about resident Flash cookies is by going to Flash Player’s Web site.
  
  Courtesy- http://blogs.techrepublic.com.com/security/?p=2299&tag=nl.e036
  

DTO (Data Transfer Objects)

A Data Transfer Object, or DTO is a design pattern for a very specific type of object that is used to transfer data between different parts of your application.

A DTO is just for temporarily storing information whilst it is in transit. Therefor a DTO has limited behaviour, only that of storing, retrieving, validating, and internal consistency checking of its own data. They should have no responsibility in terms of security, transaction, and business logic. This de-coupling of storage and business logic will enable us to use the same DTO in different contexts.

DTOs come in two different types: generic collections, or custom objects.

Generic Collections

Generic collections, eg. Dictionaries or Arrays, are advantageous in that you only require a single DTO for all your data transfer needs. The main disadvantage is that the client has to access fields either by position index (in the case of Arrays), or by key (in the case of Dictionaries). A further problem is that as the type of objects in a collection is unknown. In a future revision of Actionscript Arrays will be typed, which will only allow collections to store data of one type. This can lead to items being stored as a generic Object type, which can lead to subtle but fatal coding errors that cannot be detected at compile time.

The creation of a dynamic generic objects can be costly as Flash doesn’t know how much memory to allocate. By typing all your variables, Flash can then allocate the necessary memory for those variables and no more. This avoids the creation of a Hash Table and will therefor decrease memory consumption and increase performance.

Custom Objects

Creating a custom class for your DTOs provides strictly typed objects which allow for compile-time checking and support code editing features like FDTs “code assist” feature (ctrl + space). The only drawback is the creation of a large amount of DTOs that might be required for a large application.

Fields contained within a custom DTO should be of primitive/simple types eg. strings, booleans, etc. or arrays of those, and it may even contain other DTOs. As DTOs are meant to be temporary objects for transferring data, their fields should be immutable (read-only). Although this can be particularly difficult to achieve under certain circumstances.

1. package ch.forea.exampleDTO {
2. public class CardDTO{
3. private var _name:String;
4. private var _address:String;
5. private var _phone:String;
7. public function CardDTO(name:String, address:String, phone:String){
8. _name = name;
9. _address = address;
10. _phone = phone;
11. }
13. public function get name():String{
14. return _name;
15. }
16. public function get address():String{
17. return _address;
18. }
19. public function get phone():String{
20. return _phone;
21. }
22. }
23. }

The purpose of all this is to package all required information in to one package, therefor transferring everything in one call rather than multiple calls. This method can be advantageous if the call is to a remote system, as any further calls to the DTO are made locally to the client.



http://forea.ch/blog/2008/11/14/back-to-basics-the-data-transfer-object-dto/

ApplicationDomain class

Using the ApplicationDomain class

The purpose of the ApplicationDomain class is to store a table of ActionScript 3.0 definitions. All code in a SWF file is defined to exist in an application domain. You use application domains to partition classes that are in the same security domain. This allows multiple definitions of the same class to exist and also lets children reuse parent definitions.

You can use application domains when loading an external SWF file written in ActionScript 3.0 using the Loader class API. (Note that you cannot use application domains when loading an image or SWF file written in ActionScript 1.0 or ActionScript 2.0.) All ActionScript 3.0 definitions contained in the loaded class are stored in the application domain. When loading the SWF file, you can specify that the file be included in the same application domain as that of the Loader object, by setting the applicationDomain parameter of the LoaderContext object to ApplicationDomain.currentDomain. By putting the loaded SWF file in the same application domain, you can access its classes directly. This can be useful if you are loading a SWF file that contains embedded media, which you can access via their associated class names, or if you want to access the loaded SWF file's methods, as shown in the following example:

package {    

import flash.display.Loader;   

import flash.display.Sprite;  

 import flash.events.*;   

import flash.net.URLRequest;  

 import flash.system.ApplicationDomain;

   import flash.system.LoaderContext;  

  public class ApplicationDomainExample extends Sprite     {

       private var ldr:Loader;       

public function ApplicationDomainExample()         {

           ldr = new Loader();            

var req:URLRequest = new URLRequest("Greeter.swf");            

var ldrContext:LoaderContext = new LoaderContext(false,

ApplicationDomain.currentDomain);            

ldr.contentLoaderInfo.addEventListener(Event.COMPLETE, completeHandler);

 ldr.load(req, ldrContext);             }       

private function completeHandler(event:Event):void         {  

        ApplicationDomain.currentDomain.getDefinition("Greeter");  

         var myGreeter:Greeter = Greeter(event.target.content);   

        var message:String = myGreeter.welcome("Tommy");       

    trace(message); // Hello, Tommy         }     } }









Other things to keep in mind when you work with application domains include

the following:
 
All code in a SWF file is defined to exist in an application domain.

The  current domain is where your main application runs.

The system  domain contains all application domains, including the current

domain,  which means that it contains all Flash Player classes.

All application domains, except the system domain, have an associated parent

domain. The parent domain for your main application's application domain is

the  system domain. Loaded classes are defined only when their parent doesn't

already  define them. You cannot override a loaded class definition with

a newer  definition. 

YOUR EPITAPH

YOUR EPITAPH

I've got whole worlds staring at screens
And yet no one ever senses me in between.
I could be any of the ones or the zeros
One of its zillion unsung heroes

I'm told I'm a geek god in a glass temple
Worshipped. Overpaid. Replaceable.
A human architect in this digital crucible,
Neo, Invincible, One, Invisible.

I exist, God-like in a desk job mode
And on the 7th day I rest
I can be benched, right sized or dropped on the road
Never lived for, though I too will live forever with the index

So my friend, if you, like myself, are seeking me now
I pray this song finds you somehow.
Coz my world is so much smaller these days
So small, precious little is face to face

And if I've earned one epitaph no one grudges me,
It's for being human, behind the screen
For putting the ones and zeros in place
And most of myself in this digital embrace

You see the world is so much smaller these days
How could something so small take away my face?

- SALTMARCH MEDIAS DEVELOPER ANTHEM

REST parameter

ActionScript 3.0 introduces a new parameter declaration called the ... (rest) parameter. This parameter allows you to specify an array parameter that accepts any number of comma- delimited arguments.

function getItems(...rest):void
{
 // ... logic goes here
}

Notice that the only parameter the getItems method is ...rest, this is a rest parameter. When creating a rest parameter you should keep the following things in mind:

• Rest parameters are untyped. It is up to you to validate any special type requirements as you loop through the rest parameter array.
• Rest parameters must be at the end of a method's parameters.
• The rest parameters must have ... in front of it, but the variable name can be anything.

When you want to retrieve values out of a rest parameter you simply iterate (loop) through them like you would any other array. Here is an example:

 
function getItems(...items):void
{
 var total:int = items.length;
 for( var i:int = 0; i < total; i++)
 {
   trace("Look up item", items[i]);
  }
}

getItems("testA","testB","testC", 10);

When we call the method we can pass in any number of items as
long as they are separated by a comma. Back in the getItems method we get the
total from the rest parameter just like we would an array.


http://www.linkedin.com/news?viewArticle=&articleID=55481685&gid=
113435&articleURL=http%3A%2F%2Fwww.insideria.com%2F2009%2F08%2Fas-3-
rest-parameter.html&urlhash=9xja&trk=news_discuss

Key ways to reduce vulnerability and improve security in SCORM

Key ways to reduce vulnerability and improve security.

• Audit trails and accountability. Have a second source of data to cross-check. Ideally this data should be automatically collected. Data sent to a SCORM or AICC LMS is also sent to a Questionmark Perception server via a different data conduit.
• Secured Communication. Transfer responsibility for the result data to a server. Questionmark’s secure server-to-server implementation of AICC does this.
• Increased Client/Browser Security. Reduce the attack surface of the runtime. Use a Secured Browser that disables or limits functionality not directly needed for the primary activity. Questionmark Secure is a browser that does this for AICC or SCORM.
• Direct Proprietary Communication. This approach works by centralizing the chain-of-custody for the data to one trusted provider. Questionmark Perception can manage the process completely from authoring to scheduling to delivery to reporting.

Audit trails. Keeping parallel records such as with a double-entry accounting system is one way to achieve an audit trail. Having such an audit trail is key to identifying and recovering from errors or misdeeds. Questionmark provides capabilities for such an audit trail through both its SCORM and its AICC implementations. Perception achieves increased security and this audit trail by sending data to the LMS using the SCORM or AICC standard and, in parallel, sending data directly to the secure Perception server database. In the case of an error or misdeed, the LMS system results and the results in the secured Perception database can be compared to recover from either a security breach or an error.

Secured Server-to-Server Communication. In the cheatlet exploit, the openness of the published SCORM API and the browser JavaScript layer are used to inject false data from the client side. One way to increase the security is to remove this client side vulnerability and use AICC instead of SCORM. The innovative Perception server-to-server implementation of the AICC HACP specification demonstrates this, by having the browser relay minimal data to the Perception server. The client is not capable of directly injecting falsified overall score data. The Perception server is ultimately responsible for judging response and data communication with the LMS, not the browser client.

Increased Browser Security. As currently implemented, this exploit relies on user access to the UI to open a bookmark. Changes to the launch environment (browser) can reduce this vulnerability. The Questionmark Perception Secure Browser is a commercialized browser solution built for the rigorous requirements of high-stakes testing environments. When a participant takes an online assessment using Questionmark Secure, the secure browser displays the HTML content of the assessment, but disables key functions such as task-switching, right click options, screen captures, menus and printing. There simply isn’t a means to access a menu or bookmark to trigger.

Direct Proprietary Communication In this scenario, one trusted party is responsible for the full span of access, delivery, and results. It does run somewhat contrary to cybersecurity practice of published protocols and specifications that can bear wide scrutiny. It can also undermine interoperability, something near and dear to my heart. In the long run, I believe you’ll find Questionmark moving in directions that addresses these type of concerns.

However, there are many valid circumstances where the values of single party chain of custody and trusted relationship trumps other concerns. High stakes test are often the prime case for this, and it is critical to expand cyber-defense-in-depth with adjunct security measures (such as tight control of source materials, exam monitors, proctors/invigilators).

Work-around versus defend-against. Finally, as an exercise for the reader, you may consider reading the the two ADL workarounds published April 2, 2009. You’ll find that the excerpt on Securing Your Assessments provides a means of masking the location of answer-judging source code sent to the client by some systems. While useful, it doesn’t provide the same security and depth of defense as other approaches. Consider for instance using Questionmark Secure (prevents ‘view source’) with the Perception SCORM implementation (adds audit trail) and Perception server-side evaluation logic (secures the evaluation logic on the server-side). That is defense in depth. One might even replace SCORM with AICC in this case for additional security in addition to or in lieu of Questionmark Secure.

Courtesy-- TechRepublic

Domain Specific Languages (DSLs)

Domain Specific Languages (DSLs) are specialized languages that are targeted for a specific problem area or domain. These rely on the jargons of domain experts and provide fluency for them to communicate with your application. There are two types of DSLsexternal and internal. While internal DSLs rely on a host language they currently lack tools for validation. External DSLs on the other hand require parsing, but can benefit from good validation before processing. In this presentation you'll learn about DSLs, their characteristics, and how to edit, parse, and validate external DSLs using Java based tools.