So you wanna build a Flex application - Part 3 - The Datasets

To date, in our series on Surfing Stats, we have covered the intent, directory structure and the main application file. (download the code using the download link at the bottom of the the Intro to Surfing Stats post). Now we will look at the datasets.


ColdFusion style List Functions In ActionScript

Shannon Hicks just released an ActionScript library that makes working with delimited lists in ActionScript as easy as working with delimited lists in ColdFusion.

Now you can operate on delimited data with such familiar and handy functions as:

  • listAppend
  • listContains
  • listFirst
  • listLast
  • listLen
  • listToArray
  • and More!

Thanks Shannon!

4454 Views Print Print Comments (1) Flex, AIR

Flash Security with Off-Root CrossDomain.xml files

Bruce Phillips (You should check out his interesting Flex posts) let me know that my Surfing Stats data didn't load when the swf was located off my domain. I want others to take the code and do with it as they please so I need to make the data available across domains. This is done through the use of a crossdomain.xml file. The file I used looks like this:

view plain print about
1<?xml version="1.0"?>
3 <allow-access-from domain="*" />

This is a very promiscuous file. It allows anyone anywhere to load any data in the containing directory and all subdirectories. Such a promiscuous file also opens up security vectors. In the words of Lucas Adamski on DevNet:

As an example, a user is logged in to an e-commerce site that uses cookies for authentication. On the site is a user account settings page where you can see information such as your mailing address and other personally identifiable information. If this site has an overly permissive cross-domain policy file like *, a SWF file that is hosted on another domain could silently load the account settings data and send it elsewhere. This is because the browser appends the cookies for the e-commerce site to the request from Flash Player.

By default, the SWF looks for the crossdomain.xml file in the root of the website but with a little code, you can put it anywhere you please. I used this command to tell the SWF where to find the crossdomain.xml file:

view plain print about

Now, only the directory containing SurfingStats is enabled, reducing the surface area of attack. If you want to read more on the security issues with crossdomain.xml files, check out these links:
Poking new holes with Flash Crossdomain Policy Files
Cross-domain policy file usage recommendations for Flash Player
The Dangers of Cross-Domain Ajax with Flash

So you wanna build a Flex application - Part 2- Main Application File

In our series on Surfing Stats, we have covered the intent and the directory structure. (download the code using the download link at the bottom of the Intro to Surfing Stats post) We will now cover the main application file. It is important to note Surfing Stats does not use a framework. Frameworks are powerful code organization tools that contribute to rapid development and maintainability. Since the goal of Surfing Stats is to teach development of a simple application in 4 hours, I made the decision to avoid discussing or implementing any framework. After all, if you do not have the skills to build an application without using a framework, you probably do not have any business using a framework to build an application.


So you wanna build a Flex application - Part 1- Directory Structure

In our initial article, we introduced Surfing Stats, a Flex application providing a multi-view interface for examining Blog CFC statistics. (download the code using the download link at the bottom of the Intro to Surfing Stats post) As in all programming, code organization is important. For the Surfing Stats application, all source code is located in a src directory located off the project root. Our source files are a mixture of visual assets, css style sheets, MXML files and ActionScript files. In addition to type we also distinguish between purpose. This is the directory structure:


Introducing Surfing Stats

I have finished coding my application for my hands-on session at 360:Flex Atlanta. The goal of the session is to walk attendees through building a simple application. You may download the source code for Surfing Stats using the download link.

The Flex framework is very powerful and offers lots of powerful functionality. I had trouble limiting myself in scope. I only have 4 hours to teach so I want to make sure I leave the students with a functional and instructive application.

Without futher ado, I want to introduce Surfing Stats. This application consumes XML data from my BlogCFC installation at and displays the data in table, bar chart and pie chart format. Each dataset is represented as a tab. Clicking on the tab enables the relevant display options.

In the next few weeks I'll wrap up the course materials of the session. I'll probably blog some to finalize my thinking on the session. I do not expect to trim any base functionality of Surfing Stats, though there are several fancy add-ons in the current version we will cover should the class progress at a quick pace.

As a reminder, 360:Flex Atlanta will be held February 25-27, 2008 in Atlanta, GA. If you would like to learn how to build an XML fed charting application with the Flex Platform, attend my hands on session.

Download Download

Good, now I can buy more music

According to the BBC, Warner music is now making DRM-Free music tracks available on This makes me happy because I have put off purchasing a lot of music due to the DRM debacle.

Simply put, I don't want to be arbitrarily restricted in my usage of property I've bought and paid for. Imagine the response from Warner if I tried to dictate how they can spend money I paid to them?

"Warner, Purchase a new potted plant and place it in the corporate Headquarters. You will pick the dead leaves from aforementioned plant. You will not water it twice on even numbered days...."

So cheers to Warner. May you make more money as a result of your decision.

Great use of CFGrid and CF8 at

One of my good friends, Rama Marupilla, showed me a recent project where he used CFGrid to make a searchable, filterable restaurant locater. Have a look at

This page is a great illustration about how the power of ColdFusion 8, in the hands of a great developer, can enable powerful and relevant functionality.

Great Job Rama, thanks for sharing!

Frameworks, Generators and Understanding How and Why

Reading the always informative blog at, I came across a thought provoking paragraph that bears repeating. ( ) If you answer the question "How?" first, people tend not to ask "Why?" for quite some time. On the flip side, you will have people doing their parts rather quickly thus producing enormous amount of code to fix when the design problems become evident. The problem with formal coding techniques is the human generated code (thus cut/paste errors) without the ultimate understanding how it will be used and very little testing done while writing the code.


Fix for annoying Where is the Debugger or Profiler running? popup

Shannon Hicks, who is a wealth of Flex Knowledge, gave me the solution for this problem. Apparently, an earlier version of the Flash Debug player incorrectly assumed debugging mode.

The solution is to use an updated Flash Debug player. You can find a suitable version inside the installation for Flex Builder 3. Mine was located here:

view plain print about
1C:\Program Files\Adobe\Flex Builder 3\Player\win

I am using Flex Builder 3 Beta 2 and it works. Later beta versions of Flex Builder include the correct version of Flash Player as well.

Thanks Shannon for helping me with this. It was DRIVING ME NUTS!

8998 Views Print Print Comments (2) Flex, AIR