Developing games with PushButton Engine – Understanding Local Flash Player Security
Jan 25th
As I spend more and more time on the PushButton Engine Forums, it’s funny how often the same topic seems to come up. Today a topic showed up again, regarding running Flash swf files locally. You see this same topic in many different flavors…
- When I email my game to the client it won’t run on his computer
- Playing the game only works inside my Flash Builder (or Flex Builder) project development folder
- My game worked perfectly in one folder, but no longer works when moved to another folder
These issues are all part of the same underlying problem: a misunderstanding of Flash Player Security.
The first question you should ask yourself is… what security sandbox type is my game running in?
What is a Sandbox Type?
The sandbox type indicates the type of security zone in which the SWF file is operating.
Please remember that the security sandbox is determined at runtime, not compile time!
In the PushButton Engine we make identifying the security sandbox easy. When your game starts, it logs the security sandbox that your swf is currently running in (you can also get this by using the built-in “version” console command). It looks like this:
PBE - PushButton Engine - r841 (ZaaBot build #97) - flash - localTrusted
In this case, the game is running in “localTrusted”. Most games that you run from Flash Builder will run in the localTrusted sandbox type. This is because Flash Builder configures your system to trust files in Flash Builder project directories. This is meant to make our lives easier as Flash developers… but it can cause confusion.
So what are the types of sandboxes?
In Flash Player, all SWF files are placed into one of four types of sandbox:
- remote: All files from non-local URLs are placed in a remote sandbox. Basically anything loaded from the web (ex: http, https) falls into this category. There is no access to the local filesystem.
- local-with-filesystem: This is the default sandbox for local files. SWF files in this sandbox may not contact the Internet (or any servers) in any way. They may not access network endpoints with addresses such as http URLs.
- local-with-networking: A SWF file in this sandbox may communicate over the network but may not read from local file systems. It is the exact opposite of local-with-filesystem.
- local-trusted: This sandbox is not restricted. Any local file can be placed in this sandbox if given authorization by the end user. This authorization can come in two forms: interactively through the Settings Manager or non-interactively through an executable installer (or created manually) that creates Flash Player configuration files on the user’s computer.
I added use-network=false to the compiler / flex-config file and it fixed it!
That’s great, but you still need to understand what is happening.
When you add the “use-network=false” parameter to your compilation, you are forcing the swf into the local-with-filesystem sandbox (“use-network=true” forces local-with-networking). This may end up giving you the behavior you want: a swf that will run locally when you send it to your client or friends. However, you may run into some issues later on.
What if you and your friends were competitive, and you then decided your game needs to post a high score? You would need to make a request to a server to submit the score. When running in the local-with-filesystem sandbox you are not able to make requests of any kind to the internet, and therefore you can’t post to the score board.
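The high-score case above as a runtime check, written as an added ActionScript 3 example (not code from the original post or from PushButton Engine): the hypothetical ScoreSubmitter class reads Security.sandboxType and refuses to attempt the request in local-with-filesystem. The class name and the example.com endpoint are assumptions.

```actionscript
package
{
    import flash.events.Event;
    import flash.events.IOErrorEvent;
    import flash.events.SecurityErrorEvent;
    import flash.net.URLLoader;
    import flash.net.URLRequest;
    import flash.net.URLRequestMethod;
    import flash.net.URLVariables;
    import flash.system.Security;

    // Hypothetical helper for illustration; not part of PushButton Engine.
    public class ScoreSubmitter
    {
        // Placeholder endpoint (assumption); point this at your own score service.
        private static const SCORE_URL:String = "http://example.com/scores";

        // The sandbox is assigned when the SWF is loaded, so ask at runtime.
        public static function get canUseNetwork():Boolean
        {
            return Security.sandboxType != Security.LOCAL_WITH_FILE;
        }

        // Returns false without sending anything when the sandbox forbids networking.
        public static function submit(player:String, score:int, onDone:Function):Boolean
        {
            if (!canUseNetwork)
                return false;

            var vars:URLVariables = new URLVariables();
            vars.player = player;
            vars.score = score;

            var request:URLRequest = new URLRequest(SCORE_URL);
            request.method = URLRequestMethod.POST;
            request.data = vars;

            var loader:URLLoader = new URLLoader();
            var fail:Function = function(e:Event):void { onDone(false); };
            loader.addEventListener(Event.COMPLETE, function(e:Event):void { onDone(true); });
            loader.addEventListener(IOErrorEvent.IO_ERROR, fail);
            // Dispatched when the request is blocked, e.g. by a missing cross-domain policy.
            loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, fail);
            loader.load(request);
            return true;
        }
    }
}
```

When submit() returns false, disable the score board in the UI so the same swf still runs cleanly from a local folder.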
So what is the solution?
You could teach all of your friends how to set up their game to run in localTrusted, by configuring their security files. But there has got to be a better way.
Well there is, and it all depends on how you plan to deploy your game.
I want to distribute a local game.
The recommended way to distribute Flash games to be run locally is using the Adobe AIR runtime. It’s a great platform, and gives you much more flexibility and functionality.
I want to put it on a website.
So the best way to test your game, then, would be to put it on a website. Now don’t get scared, this isn’t going to change your development workflow all that much.
The simplest way to simulate a swf running on a website would be to have a local web server running on your box. I highly recommend WAMP for Windows, MAMP for Mac OS X and LAMP for you Linux folk.
You then build your game (set up your output directory to drop the files in the web root) and launch your web browser. Running a game swf from http://localhost will put your swf into the “remote” sandbox. You will want to do all of your testing within this sandbox, because it best mirrors the environment when you deploy your game to the web.
More Information
This post is just a brief overview of a very complex topic. For more information, check out these resources:
A full hour presentation from MAX 2008 by Deneb Meketa, explaining how Flash Player Security works and why it does it that way (if you don’t want to watch the whole thing, 47:12 is where it talks about local file security). I highly recommend everyone watch it:
Understanding the Flash Player Security Model
Developing games with PushButton Engine – Using the Console
Nov 25th
One really cool feature that we have built into the PushButton Flash Game Engine is a console.
Using the Console
The only thing you need to do to include the Console in your project is call PBE.startup().

    package
    {
        import flash.display.Sprite;
        import com.pblabs.engine.PBE;

        public class HelloConsole extends Sprite
        {
            public function HelloConsole()
            {
                // Starting the engine is all the console needs.
                PBE.startup(this);
            }
        }
    }

Once your game is running, to access the console press the default hot key, which is the Tilde (~) / Grave (`) key.
As of this post, the latest revision of the PushButton Engine is revision 702. In this version there are some commands registered by default:
- help – List known commands.
- clear – Clears the console history.
- listDisplayObjects – Outputs the display list.
- showFps – Show an FPS/Memory usage indicator.
- verbose – Set verbosity level of console output.
- version – Echo PushButton Engine version information.
Quick Tricks
The console supports a few shortcuts to make your life easier:
- The console is not case-sensitive, so don’t worry if you put showFps or shOwFPS, the same command will execute.
- You can use the up and down arrows to move through your command history.
- By pressing enter on an empty command line, you can add new lines. This is helpful for adding space between commands to make it easier to read.
- You can use the “name” property on a DisplayObject to make meaningful names show up in the listDisplayObjects command.
- Different log levels are colored by default; to change the colors, edit com.pblabs.engine.debug.LogColor.
Creating custom commands for the console
The PBE console also supports the ability for the developer to add their own commands.

    package
    {
        import com.pblabs.engine.PBE;
        import com.pblabs.engine.debug.Console;
        import com.pblabs.engine.debug.Logger;
        import flash.display.Sprite;

        public class ConsoleCommand extends Sprite
        {
            public function ConsoleCommand()
            {
                PBE.startup(this);
                // Arguments: command name, callback, help text.
                Console.registerCommand("test", onTestCommand, "This is a test command.");
                Console.registerCommand("testStrict", onTestStrict, "Test strict parameters.");
            }

            // Accepts any number of parameters; they arrive as an array.
            protected function onTestCommand(... args):void
            {
                Logger.print(this, "onTestCommand: "+args);
            }

            // Expects exactly two parameters: a string, then a number.
            protected function onTestStrict(str:String, num:Number):void
            {
                Logger.print(this, "You passed in the string: "+str);
                Logger.print(this, "You passed in the number: "+num);
            }
        }
    }

Parameters are passed in sequence using spaces. So to run the test command, I would open the console, and then type “test a b c 1 2 3”. This would then call the onTestCommand method and pass in an array with 6 elements.
Below is an example of what using custom commands in the console looks like.
Changing the Console HotKey
Some of our good friends over in the Netherlands use different keyboard layouts, so they requested the ability to change the hot key binding to another key.

    package
    {
        import com.pblabs.engine.PBE;
        import com.pblabs.engine.core.InputKey;
        import com.pblabs.engine.debug.Console;
        import com.pblabs.engine.debug.Logger;
        import com.pblabs.engine.debug.UIAppender;
        import flash.display.Sprite;
        import flash.display.StageAlign;
        import flash.display.StageScaleMode;

        public class TestConsole extends Sprite
        {
            public function TestConsole()
            {
                PBE.startup(this);
                // Rebind the console hot key from tilde/grave to the C key.
                UIAppender.hotKey = InputKey.C.keyCode;
                Console.registerCommand("test", onTestCommand, "My test command");
            }

            protected function onTestCommand(... args):void
            {
                Logger.print(this, "onTestCommand: "+args);
            }
        }
    }

WARNING!!! When changing the hot key to another key, the input textfield doesn’t escape the new key binding. So you must remove focus from the input field to use the hot key to close the console.
More information on this can be found in issue 98.
What’s coming?
I do have plans on adding either tab-complete or a drop-down auto complete list into the console which will match available commands.
Another thing that I’m currently working on is code-named Tumbler. It’s an Adobe AIR version of the console which has additional features to assist in debugging and troubleshooting your games.
It’s a proof-of-concept at the moment… but if there is enough interest in it… I may spend more time on it.

