Archive for March, 2009

New Doc on Flex Gumbo States Available

Here is new documentation on Flex Gumbo view states, including the new syntax for defining states in Gumbo.

Download the PDF: Using States

Writing secure Flex apps with help from SWFScan

Slashdot has an interesting entry on Flash security today. It features HP’s SWFScan utility that decompiles and scans SWF files, and reports any vulnerabilities that it finds.

What I found really useful was the list of vulnerabilities that SWFScan looks for. You can read through them (there’s about 50) as sort of a “refresher” on what a secure app should look like. To do that:

  1. Download and install SWFScan from
  2. Run SWFScan.
  3. Click the Settings button. The Settings dialog box displays.
  4. Select the Checks tab. Then just click on each one of hte items to read about the vulnerability and the potential fix for it.

Good stuff! The tool runs on Windows only, unfortunately.

New Doc on Flex Gumbo Efffects

Here is new documentation on Flex Gumbo effects. You can use these effects with all Flex components.

Download the PDF:Using Spark Effects

Simple Twitter client in Flex

There’s been an increase in talk about Twitter lately, so I decided to try my hand at building a simple client that displays Twitter messages in Flex. Turns out, it was even easier than I thought, so I’ll share it in a quick blog entry.

I used an HTTPService with the resultFormat set to e4x to get the status information. In the result handler, I set the result to an XML object. has some very comprehensive documentation that cover all the service call APIs and return types here:

To display the Twitter statuses, I used an inline item renderer inside a List control. Simple to do and it looks good for a minimum amount of effort.

You need a proxy page that requests data from Twitter, since does not have an open crossdomain.xml file. In this case, we have an ASP.NET server available with an open crossdomain file, so my proxy page (twit.aspx) is written in C# and put up on that server. I am more familiar with PHP server-side code, so it was a little tricky to get the C# syntax right.

My ASPX syntax uses the System.Net.WebClient.DownloadData() method to do the same thing that the file_get_contents() PHP function does.

If you have a PHP server, there’s already an example written in PHP that you can also look at:

Twitter statuses are sent out every 60 seconds, so I used a timer that calls send() on the HTTPService every 60 seconds. This is configurable, too, but there’s no point in making the updates shorter than 60 seconds, according to the Twitter documentation.

This example is currently set up so you can use the twit.aspx page on as a test page. You just pass a username to it with a GET request, setting the p parameter to the username you want to track. In my example, I hardwired my Twitter address so you can see it running, but you can put any username in there that you want when you build your own client. Please don’t use the service for production reasons, or we’ll have to lock it down.

Download the files mentioned in this article:
Download file (2K)