Ruby on Rails, but I also use Django, Plone and Zope. So, basically Ruby and Python.
On Nov 6, 2007 8:01 PM, Samuel Agesilas <[EMAIL PROTECTED]> wrote: > Marcelo, > > Ahh... ok. Cool! If I may ask another question that I neglected to > post and that is what kind of back end technology are you using? Java, > PHP, ASP.NET? > > Cheers, > Sam > > > On Nov 6, 2007, at 3:54 PM, Marcelo de Moraes Serpa wrote: > > > Hello Samuel, > > > >> If I may chime in this discussion.. what are you trying to protect? > >> The > >> actual swf or access to services exposed in the swf? > > > > Yes, it wans't clear. Actually I'm not really trying to protect the > > SWF but instead restrict the ways it can be served. Mine is an > > application somewhat like youtube but more restricted, so, I wouldn't > > want anyone to get the URL and play the videos anywhere (outside of > > the allowed domain). > > > > On Nov 6, 2007 4:41 PM, Samuel Agesilas <[EMAIL PROTECTED]> wrote: > >> Marcelo, > >> > >> If I may chime in this discussion.. what are you trying to protect? > >> The > >> actual swf or access to services exposed in the swf? > >> > >> cheers, > >> Sam > >> > >> > >> > >> On Nov 4, 2007, at 6:42 PM, Jonathan Valliere wrote: > >> > >> Marcelo, > >> > >> As far as referrer checking, your going to need to search google or > >> get in > >> touch with a Red5 developer ( put it on the Red5 mailing list ). > >> > >> Encryption: You can load in SWF binary via ByteArray and > >> encryption can be > >> done with ByteArray data ( that can be loaded via .. Loader ?? ). > >> Essentially you encrypt your SWF binary ( and store it encrypted on > >> the > >> server ) and load it in over HTTPs and decrypt it based on a public/ > >> private > >> key based on a secondary encryption mechanism located inside the > >> first one > >> and load into a SWFLoader at runtime. Run the entire application > >> over HTTPs > >> with cache off and it should be pretty dam secure. > >> > >> http://en.wikipedia.org/wiki/Public-key_cryptography > >> > >> http://en.wikipedia.org/wiki/Encryption > >> > >> http://en.wikipedia.org/wiki/Topics_in_cryptography > >> > >> I bet there are a lot of good books on Cryptography. > >> > >> -Jon > >> > >> > >> On Nov 4, 2007, at 7:24 PM, Marcelo de Moraes Serpa wrote: > >> Hello Jonathan, > >> > >>> You could protect swfs over RTMP via Red5 to make sure of a correct > >> referrer. > >> > >> > >>> You could also load in an encrypted SWF that contains a secondary > >> encrypted Binary file that self-decrypts ( and runs ) and is > >> responsible for > >> referrer / self-authentication over HTTPS / RTMP. > >> > >> > >> Any examples or maybe pointers to articles that elaborate on these > >> techniques? > >> > >> Thanks, > >> > >> Marcelo. > >> > >> > >> > >> On 11/4/07, Jonathan Valliere <[EMAIL PROTECTED]> wrote: > >>> > >>> yeah but you can't protect against everything. you can encrypt > >>> your swfs, > >> decrypt them clientside but that could also ultimately be faked > >> given enough > >> time and data capture. > >>> > >>> > >>> You could protect swfs over RTMP via Red5 to make sure of a correct > >> referrer. You could also load in an encrypted SWF that contains a > >> secondary > >> encrypted Binary file that self-decrypts ( and runs ) and is > >> responsible for > >> referrer / self-authentication over HTTPS / RTMP. > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> On Nov 4, 2007, at 12:23 PM, Marcelo de Moraes Serpa wrote: > >>> > >>> > >>>> Red the URL from the browser and see if the domain is valid. I > >>>> forget > >> how to get it normally but in Flex you get it this way > >>>> > >>> > >>> Yes, but one could possibly decompile the SWF and remove this code > >>> (since > >> it is client side). > >>> > >>> > >>> On 11/4/07, Jonathan Valliere <[EMAIL PROTECTED] > wrote: > >>>> > >>>> Red the URL from the browser and see if the domain is valid. I > >>>> forget > >> how to get it normally but in Flex you get it this way > >>>> > >>>> > >>>> Application( Application.application ).url > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> On Nov 3, 2007, at 11:40 AM, Jean-Philippe DELAVALLADE wrote: > >>>> > >>>> It's perhaps a solution > >>>> but i prefer using a referer like in Flash Media Server > >>>> I don't find it in RED5 > >>>> > >>>> > >>>> > >>>> Le 3 nov. 07 à 16:23, Marcelo de Moraes Serpa a écrit : > >>>> > >>>> Hmm.. yep, haven't though about the domain restrictions of the > >>>> player, > >> it might work! > >>>> > >>>> @Paul: Afaik, it works like this: When the player downloads a SWF > >>>> from a > >> domain, it looks for a crossdomain.xml file that in turns contains > >> rules on > >> which other domains are allowed to play your SWF files you are > >> serving > >> through your domain. Please someone correct-me if I'm wrong. > >>>> > >>>> Cheers, > >>>> > >>>> Marcelo. > >>>> > >>>> > >>>> On 11/3/07, Jean-Philippe DELAVALLADE < [EMAIL PROTECTED]> wrote: > >>>>> > >>>>> Thanks Paul :) > >>>>> Add a cross-domain policy, which prevents unauthorized domains > >>>>> from > >> accessing your assets. > >>>>> but how ?? > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> Le 3 nov. 07 à 14:42, paul|LOWRES a écrit : > >>>>> > >>>>> > >>>>> > >>>>> maybe a cross-domain policy is, what you are looing for? > >>>>> > >>>>> > >>>>> > >>>>> > >> http://livedocs.adobe.com/flash/9.0/UsingFlash/help.html?content=WSd60f23110762d6b883b18f10cb1fe1af6-7b35.html > >>>>> > >>>>> > >>>>> cheers, > >>>>> paul > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> Am 03.11.2007 um 14:01 schrieb Marcelo de Moraes Serpa: > >>>>> > >>>>> Hello Jean, > >>>>> > >>>>> I'm also searching for a way to restrict my flash application in a > >> domain. Actually I thought in serving the SWF through a script > >> instead of > >> letting the webserver serve it so that I could do this referrer check > >> server-side (Using Ruby/Rails or PHP for example). Code to check the > >> referrer in the SWF could work but someone could decompile your SWF > >> and > >> remove this check. > >>>>> > >>>>> If someone got some ideas regarding that, please share! > >>>>> > >>>>> Marcelo. > >>>>> > >>>>> > >>>>> On 10/26/07, Jean-Philippe DELAVALLADE < [EMAIL PROTECTED]> > >>>>> wrote: > >>>>>> > >>>>>> > >>>>>> Hello, > >>>>>> > >>>>>> > >>>>>> I would like to protect my application, do a referrer in fact > >>>>>> I've tried this code but the server never run with that : > >>>>>> > >>>>>> > >>>>>> public boolean appConnect(IConnection conn, Object[] params) { > >>>>>> String pageUrl = > >>>>>> (String)conn.getConnectParams().get( "pageUrl" > >> ); > >>>>>> log.debug( "L'URL de la pages est : " +pageUrl); > >>>>>> if(pageUrl != "http://mydomain";){ > >>>>>> return false; > >>>>>> } > >>>>>> Can you show me the way, in order to my appli just run under my > >> domain ? > >>>>>> > >>>>>> > >>>>>> Thanks guys > >>>>>> > >>>>>> > >>>>>> JP > >>>>>> _______________________________________________ > >>>>>> osflash mailing list > >>>>>> [email protected] > >>>>>> http://osflash.org/mailman/listinfo/osflash_osflash.org > >>>>>> > >>>>>> > >>>>> > >>>>> _______________________________________________ > >>>>> osflash mailing list > >>>>> [email protected] > >>>>> http://osflash.org/mailman/listinfo/osflash_osflash.org > >>>>> > >>>>> _______________________________________________ > >>>>> osflash mailing list > >>>>> [email protected] > >>>>> http://osflash.org/mailman/listinfo/osflash_osflash.org > >>>>> > >>>>> > >>>>> _______________________________________________ > >>>>> osflash mailing list > >>>>> [email protected] > >>>>> http://osflash.org/mailman/listinfo/osflash_osflash.org > >>>>> > >>>>> > >>>> > >>>> _______________________________________________ > >>>> osflash mailing list > >>>> [email protected] > >>>> http://osflash.org/mailman/listinfo/osflash_osflash.org > >>>> > >>>> > >>>> _______________________________________________ > >>>> osflash mailing list > >>>> [email protected] > >>>> http://osflash.org/mailman/listinfo/osflash_osflash.org > >>>> > >>>> _______________________________________________ > >>>> osflash mailing list > >>>> [email protected] > >>>> http://osflash.org/mailman/listinfo/osflash_osflash.org > >>>> > >>>> > >>> > >>> > >>> _______________________________________________ > >>> osflash mailing list > >>> [email protected] > >>> http://osflash.org/mailman/listinfo/osflash_osflash.org > >>> > >>> _______________________________________________ > >>> osflash mailing list > >>> [email protected] > >>> http://osflash.org/mailman/listinfo/osflash_osflash.org > >>> > >>> > >> > >> _______________________________________________ > >> osflash mailing list > >> [email protected] > >> http://osflash.org/mailman/listinfo/osflash_osflash.org > >> _______________________________________________ > >> osflash mailing list > >> [email protected] > >> http://osflash.org/mailman/listinfo/osflash_osflash.org > >> > >> > >> _______________________________________________ > >> osflash mailing list > >> [email protected] > >> http://osflash.org/mailman/listinfo/osflash_osflash.org > >> > >> > > > > _______________________________________________ > > osflash mailing list > > [email protected] > > http://osflash.org/mailman/listinfo/osflash_osflash.org > > > _______________________________________________ > osflash mailing list > [email protected] > http://osflash.org/mailman/listinfo/osflash_osflash.org > _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
