protecting something is all about making hard to access so imho anything that can make a SWF hard to get is good
so to make a big answer to everyone point by point Gregory wrote: > Yes, using some server-side solution can beat 90% of amateur > "thieves". But, as mentioned above, it's only about web page. > As obfuscation can beat 90% of amateur "joe-user-using-a-decompiler" But not the 10% rest of user who gonna either be motivated or skilled enougth to unobfuscate the code... steve wrote: > Fair enough, but then you also block all your regular visitors who have > JavaScript disabled from accessing your SWF file. For me someone who does not want to execute JavaScript also does not want to execute plugins and how many users gonna do that ? like 0,001% ? > Anyway, ultimately the swf file will be loaded from somewhere > (via physical file or script) and I can just point wget at that file > instead. That can be obfuscated too Nathan wrote: > Proxy sniffers are also easy to come by, easy to use, and give you > the option to save any of the files locally. Yes, for you Not everybody find a sniffer that easy to use, or even would have the idea to use one just because they didn't even know that something like that exists Dave wrote: > While this is true for wget, there are engines that will execute > Javascript to extract URLs, then fetch those URLs. Texis' Webinator > does this. It's also relatively easy to do this using Windows Script > functionality. I ended up writing scripts for exactly this purpose - to > fetch Javascript URLs. Yes ok, but are you considering yourself as a lambda user ? I think not :) > In addition, as others have mentioned, it's very easy to capture > anything through a proxy. SSL doesn't prevent this, either. Yes I know that, others people on this list know that, But are lambda users know that or have the skill to do that ? Protecting something is all about numbers a) foobar.swf no protection, no obfuscation, nothing accessible in the browser cache b) how many % of users will just know that they can decompile the SWF with some tools as ASV or others ? c) how many % users will want so bad the source code of the SWF to actually buy the tool to decompile it ? d) add obfuscation how many % of users will be motivated and skilled enougth to reverse the obfuscation ? e) add SSL + prevent SWF caching how many % users will be motivated and skilled enougth to set up and use a proxy and/or a HTTP sniffer ? etc. the more you add, the more you reduce the % of users who will actually go all the trouble to get the SWF, decompile it, etc. you will never obtain 100% code protection but if the goal is to protect the code with "tricks" any tricks are good, even the dumb one as renaming extensions *.swf to *.gif and honestly I was just mentioning another trick, no more zwetan _______________________________________________ Flashcoders mailing list [email protected] http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
