Hi zwetan,
Neither of your 'solutions' is even remotely unbeatable. I can get
around both of them with the wget command-line tool, which is a
standard install on most flavours of linux. There are others that do
the same thing, and any download accelerator program for Windows will
also be able to download the file.
I can block wget with just JavaScript ;)
Fair enough, but then you also block all your regular visitors who
have JavaScript disabled from accessing your SWF file. Anyway,
ultimately the swf file will be loaded from somewhere (via physical
file or script) and I can just point wget at that file instead.
Safari's Activity window will show me all URLs loaded as part of the
page, so I just just copy it from there.
Obfuscation is the only way to protect your code, and even then I
wouldn't consider it 'almost unbeatable'.
I still think obfuscation is not the only way...
I think we'll probably have to agree to disagree here. Since the
Flash file *has* to be downloaded to the client for playback, it can
be downloaded to the client for de-compiling.
I wouldn't normally mind people protecting their own stuff using the
methods you described, but when you're advising others it's important
to make sure the advice you're giving out is sound. Either that, or
tell people of the potential problems with your solution rather than
just saying that it's 'almost unbeatable'.
Sorry if I sound confrontational, but security is a bugbear of mine.
--
Steve Webster
Head of Development
Featurecreep Ltd.
www.featurecreep.com
14 Orchard Street, Bristol, BS1 5EH
0117 905 5047
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
