Hello Jonathan, You could protect swfs over RTMP via Red5 to make sure of a > correct referrer.
> You could also load in an encrypted SWF that contains a secondary > encrypted Binary file that self-decrypts ( and runs ) and is responsible for > referrer / self-authentication over HTTPS / RTMP. Any examples or maybe pointers to articles that elaborate on these techniques? Thanks, Marcelo. On 11/4/07, Jonathan Valliere <[EMAIL PROTECTED]> wrote: > > yeah but you can't protect against everything. you can encrypt your swfs, > decrypt them clientside but that could also ultimately be faked given enough > time and data capture. > You could protect swfs over RTMP via Red5 to make sure of a > correct referrer. You could also load in an encrypted SWF that contains a > secondary encrypted Binary file that self-decrypts ( and runs ) and is > responsible for referrer / self-authentication over HTTPS / RTMP. > > > On Nov 4, 2007, at 12:23 PM, Marcelo de Moraes Serpa wrote: > > Red the URL from the browser and see if the domain is valid. I forget how > > to get it normally but in Flex you get it this way > > > > Yes, but one could possibly decompile the SWF and remove this code (since > it is client side). > > On 11/4/07, Jonathan Valliere <[EMAIL PROTECTED]> wrote: > > > > Red the URL from the browser and see if the domain is valid. I forget > > how to get it normally but in Flex you get it this way > > Application( Application.application ).url > > > > On Nov 3, 2007, at 11:40 AM, Jean-Philippe DELAVALLADE wrote: > > > > It's perhaps a solutionbut i prefer using a referer like in Flash Media > > Server > > I don't find it in RED5 > > > > Le 3 nov. 07 à 16:23, Marcelo de Moraes Serpa a écrit : > > > > Hmm.. yep, haven't though about the domain restrictions of the player, > > it might work! > > > > @Paul: Afaik, it works like this: When the player downloads a SWF from a > > domain, it looks for a crossdomain.xml file that in turns contains rules > > on which other domains are allowed to play your SWF files you are serving > > through your domain. Please someone correct-me if I'm wrong. > > > > Cheers, > > > > Marcelo. > > > > On 11/3/07, Jean-Philippe DELAVALLADE < [EMAIL PROTECTED]> wrote: > > > > > > Thanks Paul :) Add a cross-domain policy, which prevents unauthorized > > > domains from accessing your assets. > > > but how ?? > > > > > > Le 3 nov. 07 à 14:42, paul|LOWRES a écrit : > > > > > > maybe a cross-domain policy is, what you are looing for? > > > http://livedocs.adobe.com/flash/9.0/UsingFlash/help.html?content=WSd60f23110762d6b883b18f10cb1fe1af6-7b35.html > > > > > > > > > cheers, > > > paul > > > > > > > > > Am 03.11.2007 um 14:01 schrieb Marcelo de Moraes Serpa: > > > > > > Hello Jean, > > > > > > I'm also searching for a way to restrict my flash application in a > > > domain. Actually I thought in serving the SWF through a script instead of > > > letting the webserver serve it so that I could do this referrer check > > > server-side (Using Ruby/Rails or PHP for example). Code to check the > > > referrer in the SWF could work but someone could decompile your SWF and > > > remove this check. > > > > > > If someone got some ideas regarding that, please share! > > > > > > Marcelo. > > > > > > On 10/26/07, Jean-Philippe DELAVALLADE < [EMAIL PROTECTED]> wrote: > > > > > > > > Hello, > > > > > > > > I would like to protect my application, do a referrer in fact > > > > I've tried this code but the server never run with that : > > > > > > > > public boolean appConnect(IConnection conn, Object[] params) { > > > > String pageUrl = (String)conn.getConnectParams().get( "pageUrl"); > > > > log.debug( "L'URL de la pages est : " +pageUrl); > > > > if(pageUrl != "*http://mydomain* <http://mydomain/>"){ > > > > return false; > > > > } > > > > Can you show me the way, in order to my appli just run under my > > > > domain ? > > > > > > > > Thanks guys > > > > > > > > JP > > > > > > > > _______________________________________________ > > > > osflash mailing list > > > > [email protected] > > > > http://osflash.org/mailman/listinfo/osflash_osflash.org > > > > > > > > > > > _______________________________________________ > > > osflash mailing list > > > [email protected] > > > http://osflash.org/mailman/listinfo/osflash_osflash.org > > > > > > > > > _______________________________________________ > > > osflash mailing list > > > [email protected] > > > http://osflash.org/mailman/listinfo/osflash_osflash.org > > > > > > > > > > > > _______________________________________________ > > > osflash mailing list > > > [email protected] > > > http://osflash.org/mailman/listinfo/osflash_osflash.org > > > > > > > > _______________________________________________ > > osflash mailing list > > [email protected] > > http://osflash.org/mailman/listinfo/osflash_osflash.org > > > > > > _______________________________________________ > > osflash mailing list > > [email protected] > > http://osflash.org/mailman/listinfo/osflash_osflash.org > > > > > > > > _______________________________________________ > > osflash mailing list > > [email protected] > > http://osflash.org/mailman/listinfo/osflash_osflash.org > > > > > _______________________________________________ > osflash mailing list > [email protected] > http://osflash.org/mailman/listinfo/osflash_osflash.org > > > > _______________________________________________ > osflash mailing list > [email protected] > http://osflash.org/mailman/listinfo/osflash_osflash.org > >
_______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
