November 13, 2006

When Developing Flash/Flex Apps, Remember To Remove Your Debugging Code!!

So there's this incredibly handy Firefox plugin out there called Flash Tracer that I have been using to develop my Flex applications. Essentially, it lets you view any debugging output (i.e., trace() statements) in a side panel of your Firefox browser during runtime without having to use the debug SWF file. Coupled with the tip that my co-worker Andy Trice posted a while back regarding using the ObjectUtil class to debug your code, this is an incredibly efficient and clean way to see what's going on in your code at run-time (for any ColdFusion developers reading this, it's the equivalent of a cfdump tag). I just keep the Flash Tracer panel open all the time because I use it so much.

However, one thing I have been noticing is that a lot of the commercial web sites that use SWFs to deliver some of their content (i.e, user polls, etc.) are leaving lots of trace() statements in their code, apparently on the assumption that since the user is not running the debug version of the SWF, they can't see the debug output. Well, that's no longer a safe assumption, and while I haven't seen any security exposures as yet, it does emphasize the point that you should always strip out your debugging code before deploying any SWFs to production. One site that I'll keep anonymous has so much debug junk in their code that it practically crashes my browser when I try and load their page!

Anyway, just keepin mind that debugging statements can be viewed outside of the debug SWF, and you'll be all set.

Posted By Dave on November 13, 2006 at 3:20 PM
Related Categories: Flex, Technology, Adobe

Comments (7) | Print | del.icio.us | Linking Blogs

Related Blog Entries

Getting the Flash Tracer Plugin To Work With The Latest Flash Player Release (December 28, 2006)

Comments

Hmm. The link says you DO need the debug player for it to work. Or did I just not read far enough ahead?

# Posted By Brian Williams on 11/13/06 at 3:52 PM

Yeah, the debug player is needed for the flash tracer plugin

# Posted By Chris Scottt on 11/13/06 at 4:18 PM

Hi Brian. Sorry if I wasn't clear. You need the debug *player* installed, but you don't have to use the debug *SWF* to see the trace() info. When you build your app in Flex Builder, for example, there's a regular SWF and a -debug.swf generated (i.e., main.swf and main-debug.swf). You usually only deploy the regular SWF file (main.swf) and so most developers would think "OK, I'm all safe with any lingering trace() statements." However, I've found that to *not* be the case, as any trace() statements are still output to the Flash Tracer console even if only hitting the main.swf file.

# Posted By Dave Carabetta on 11/13/06 at 5:07 PM

I guess you did this by implementing a server on port 7935. I've been looking into this matter as well and I found that, when implementing my server, I did not only needed the debug version of the player but I also needed to tick the "Debugging permitted" option on the publishing settings tab for the swf to connect to my server, or am I wrong? Also, if you have to tick this option then how can this work with a swf compiled with MTASC (lower version of the Flash Player use the same technique, don't they?)

# Posted By pan69 on 11/13/06 at 6:46 PM

I will add that when you publish content from Flash (AFAIK there isn't a similar option in Flex) you can choose to omit trace statements as one of the publishing options - that way you don't have to hunt down every little trace in your code.

# Posted By Rachel Maxim on 11/16/06 at 10:21 AM

Rachel, that's great to know. That's a definite wishlist item!

# Posted By Dave Carabetta on 11/18/06 at 5:22 PM

Still had this post showing up in my RSS reader which reminds me of an interesting (and obvious!) solution I read about.

Rather than using the standard trace() function, create a custom function (maybe in your standard utils package) that traces, but also checks for a global variable or some other method of disabling the trace (if ! debug then trace()) so that you can remove traces from your entire app by changing one variable (or function). Of course, it requires that you use the custom function so already-written apps may not be worth the effort :)
When I get around to writing it myself I'd be happy to share...

# Posted By Rachel Maxim on 12/6/06 at 2:23 PM

Calendar

Sun	Mon	Tue	Wed	Thu	Fri	Sat
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

About Me

I'm Dave Carabetta and this is my slice of the web. I am on the Business Development team at Cynergy Systems, where we design and develop incredible software using Rich Internet Application technologies like Adobe Flex, Adobe AIR, Microsoft Silverlight and Microsoft WPF. If you're interested (or really confused), check out our CynergyTV showcase to see some examples. If you really want more details about who I am and how I got here, check out one of my very first posts to this blog.

Finally, all opinions expressed anywhere on this site are solely mine and not those of my employer. I intentionally keep this blog separate from our corporate blogs for this very reason.

Enter your email address to subscribe to this blog.

Archives By Subject

RSS Adobe (59)
RSS Apple (13)
RSS Blogging (18)
RSS ColdFusion (46)
RSS CSS (6)
RSS Cynergy Systems (8)
RSS Databases (6)
RSS Flex (45)
RSS Frameworks (20)
RSS Macromedia (4)
RSS Marketing (27)
RSS Microsoft (12)
RSS Misc (15)
RSS Model-Glue (7)
RSS Oracle (6)
RSS Personal (26)
RSS Ruby on Rails (3)
RSS Technology (73)

RSS

Aggregated By