yeah but you can't protect against everything. you can encrypt your
swfs, decrypt them clientside but that could also ultimately be faked
given enough time and data capture.
You could protect swfs over RTMP via Red5 to make sure of a correct
referrer. You could also load in an encrypted SWF that contains a
secondary encrypted Binary file that self-decrypts ( and runs ) and
is responsible for referrer / self-authentication over HTTPS / RTMP.
On Nov 4, 2007, at 12:23 PM, Marcelo de Moraes Serpa wrote:
Red the URL from the browser and see if the domain is valid. I
forget how to get it normally but in Flex you get it this way
Yes, but one could possibly decompile the SWF and remove this code
(since it is client side).
On 11/4/07, Jonathan Valliere <[EMAIL PROTECTED]> wrote:
Red the URL from the browser and see if the domain is valid. I
forget how to get it normally but in Flex you get it this way
Application( Application.application ).url
On Nov 3, 2007, at 11:40 AM, Jean-Philippe DELAVALLADE wrote:
It's perhaps a solution
but i prefer using a referer like in Flash Media Server
I don't find it in RED5
Le 3 nov. 07 à 16:23, Marcelo de Moraes Serpa a écrit :
Hmm.. yep, haven't though about the domain restrictions of the
player, it might work!
@Paul: Afaik, it works like this: When the player downloads a SWF
from a domain, it looks for a crossdomain.xml file that in turns
contains rules on which other domains are allowed to play your
SWF files you are serving through your domain. Please someone
correct-me if I'm wrong.
Cheers,
Marcelo.
On 11/3/07, Jean-Philippe DELAVALLADE < [EMAIL PROTECTED]> wrote:
Thanks Paul :)
Add a cross-domain policy, which prevents unauthorized domains
from accessing your assets.
but how ??
Le 3 nov. 07 à 14:42, paul|LOWRES a écrit :
maybe a cross-domain policy is, what you are looing for?
http://livedocs.adobe.com/flash/9.0/UsingFlash/help.html?
content=WSd60f23110762d6b883b18f10cb1fe1af6-7b35.html
cheers,
paul
Am 03.11.2007 um 14:01 schrieb Marcelo de Moraes Serpa:
Hello Jean,
I'm also searching for a way to restrict my flash application
in a domain. Actually I thought in serving the SWF through a
script instead of letting the webserver serve it so that I
could do this referrer check server-side (Using Ruby/Rails or
PHP for example). Code to check the referrer in the SWF could
work but someone could decompile your SWF and remove this check.
If someone got some ideas regarding that, please share!
Marcelo.
On 10/26/07, Jean-Philippe DELAVALLADE < [EMAIL PROTECTED]>
wrote:
Hello,
I would like to protect my application, do a referrer in fact
I've tried this code but the server never run with that :
public boolean appConnect(IConnection conn, Object[] params) {
String pageUrl = (String)conn.getConnectParams().get
( "pageUrl" );
log.debug( "L'URL de la pages est : " +pageUrl);
if(pageUrl != "http://mydomain";){
return false;
}
Can you show me the way, in order to my appli just run under my
domain ?
Thanks guys
JP
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
