Marcelo,
If I may chime in on this discussion... what are you trying to protect?
The actual swf or access to services exposed in the swf?
cheers,
Sam
On Nov 4, 2007, at 6:42 PM, Jonathan Valliere wrote:
Marcelo,
As far as referrer checking, you're going to need to search Google or
get in touch with a Red5 developer ( put it on the Red5 mailing
list ).
Encryption: You can load in SWF binary via ByteArray and encryption
can be done with ByteArray data ( that can be loaded via ..
Loader ?? ). Essentially you encrypt your SWF binary ( and store it
encrypted on the server ) and load it in over HTTPS and decrypt it
based on a public/private key based on a secondary encryption
mechanism located inside the first one and load into a SWFLoader at
runtime. Run the entire application over HTTPS with cache off and
it should be pretty damn secure.
http://en.wikipedia.org/wiki/Public-key_cryptography
http://en.wikipedia.org/wiki/Encryption
http://en.wikipedia.org/wiki/Topics_in_cryptography
I bet there are a lot of good books on Cryptography.
-Jon
On Nov 4, 2007, at 7:24 PM, Marcelo de Moraes Serpa wrote:
Hello Jonathan,
You could protect swfs over RTMP via Red5 to make sure of a correct
referrer.
You could also load in an encrypted SWF that contains a secondary
encrypted Binary file that self-decrypts ( and runs ) and is
responsible for referrer / self-authentication over HTTPS / RTMP.
Any examples or maybe pointers to articles that elaborate on these
techniques?
Thanks,
Marcelo.
On 11/4/07, Jonathan Valliere <[EMAIL PROTECTED]> wrote:
Yeah, but you can't protect against everything. You can encrypt
your swfs, decrypt them clientside but that could also ultimately
be faked given enough time and data capture.
You could protect swfs over RTMP via Red5 to make sure of a correct
referrer. You could also load in an encrypted SWF that contains a
secondary encrypted Binary file that self-decrypts ( and runs ) and
is responsible for referrer / self-authentication over HTTPS / RTMP.
On Nov 4, 2007, at 12:23 PM, Marcelo de Moraes Serpa wrote:
Read the URL from the browser and see if the domain is valid. I
forget how to get it normally but in Flex you get it this way
Yes, but one could possibly decompile the SWF and remove this code
(since it is client side).
On 11/4/07, Jonathan Valliere <[EMAIL PROTECTED] > wrote:
Read the URL from the browser and see if the domain is valid. I
forget how to get it normally but in Flex you get it this way
Application( Application.application ).url
On Nov 3, 2007, at 11:40 AM, Jean-Philippe DELAVALLADE wrote:
It's perhaps a solution,
but I prefer using a referrer like in Flash Media Server.
I don't find it in RED5.
On 3 Nov. 07, at 16:23, Marcelo de Moraes Serpa wrote:
Hmm.. yep, haven't thought about the domain restrictions of the
player, it might work!
@Paul: Afaik, it works like this: When the player downloads a
SWF from a domain, it looks for a crossdomain.xml file that in
turn contains rules on which other domains are allowed to play
your SWF files you are serving through your domain. Please
someone correct me if I'm wrong.
Cheers,
Marcelo.
On 11/3/07, Jean-Philippe DELAVALLADE < [EMAIL PROTECTED]>
wrote:
Thanks Paul :)
Add a cross-domain policy, which prevents unauthorized domains
from accessing your assets.
but how ??
On 3 Nov. 07, at 14:42, paul|LOWRES wrote:
Maybe a cross-domain policy is what you are looking for?
http://livedocs.adobe.com/flash/9.0/UsingFlash/help.html?content=WSd60f23110762d6b883b18f10cb1fe1af6-7b35.html
cheers,
paul
On 03.11.2007, at 14:01, Marcelo de Moraes Serpa wrote:
Hello Jean,
I'm also searching for a way to restrict my Flash application
to a domain. Actually I thought of serving the SWF through a
script instead of letting the webserver serve it so that I
could do this referrer check server-side (Using Ruby/Rails or
PHP for example). Code to check the referrer in the SWF could
work but someone could decompile your SWF and remove this check.
If someone has some ideas regarding that, please share!
Marcelo.
On 10/26/07, Jean-Philippe DELAVALLADE < [EMAIL PROTECTED]>
wrote:
Hello,
I would like to protect my application, do a referrer in fact.
I've tried this code but the server never runs with that:

    public boolean appConnect(IConnection conn, Object[] params) {
        // pageUrl is sent by the client in the connect parameters
        String pageUrl = (String) conn.getConnectParams().get("pageUrl");
        log.debug("L'URL de la pages est : " + pageUrl);
        // Compare string contents with equals(); != compares object references
        if (!"http://mydomain".equals(pageUrl)) {
            return false;
        }
        return true;
    }

Can you show me the way to make my application run only under
my domain?
Thanks guys
JP
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org
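
Added example, not part of the original thread or of Red5's own code: a host allow-list check for the pageUrl connect parameter discussed above, comparing the parsed host instead of the whole URL string. The class name PageUrlPolicy, the ALLOWED_HOSTS values and the sample URLs are assumptions constructed for illustration; pageUrl is supplied by the connecting client, so this filters ordinary embeds rather than authenticating anyone.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class PageUrlPolicy {
    // Hypothetical allow-list: the hosts whose pages may embed the SWF.
    private static final Set<String> ALLOWED_HOSTS = Set.of("mydomain", "www.mydomain");

    /** Returns true only for an http(s) URL whose host is on the allow-list. */
    public static boolean isAllowed(String pageUrl) {
        if (pageUrl == null || pageUrl.isEmpty()) {
            return false; // parameter missing: reject rather than guess
        }
        final URI uri;
        try {
            uri = new URI(pageUrl);
        } catch (URISyntaxException e) {
            return false; // unparseable value: reject
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null) {
            return false; // relative or opaque URI, no usable host
        }
        if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) {
            return false;
        }
        // Exact match on the parsed host; prefix or substring tests would
        // also accept look-alike hosts that merely start with the name.
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    // Inside a Red5 adapter's appConnect(IConnection conn, Object[] params):
    //   Object v = conn.getConnectParams().get("pageUrl");
    //   if (!isAllowed(v instanceof String ? (String) v : null)) return false;

    public static void main(String[] args) {
        String[] samples = {              // constructed sample inputs
            "http://mydomain/app/index.html",
            "https://WWW.MyDomain/player.html",
            "http://mydomain.other.example/index.html",
            "http://mydomain@other.example/index.html",
            "file:///C:/saved/player.html",
            null
        };
        for (String s : samples) {
            System.out.println(isAllowed(s) + "  " + s);
        }
    }
}
```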