Yes Jonathan, that's exactly what I am doing with Ruby on Rails - serving it through Apache, but the request goes to a Ruby script before the application decides if it can be served or not. The remaining question is how to restrict the player to a specific domain or subdomains.

On Nov 6, 2007 9:29 PM, Jonathan Valliere <[EMAIL PROTECTED]> wrote:
> Instead of serving your player directly via http. You can use python as the URL to return the SWF binary in the response if access is granted.
>
> Sent from my mobile device
>
> On Nov 6, 2007, at 5:39 PM, "Marcelo de Moraes Serpa" <[EMAIL PROTECTED]> wrote:
>
> > Ruby on Rails, but I also use Django, Plone and Zope. So, basically Ruby and Python.
> >
> > On Nov 6, 2007 8:01 PM, Samuel Agesilas <[EMAIL PROTECTED]> wrote:
> >> Marcelo,
> >>
> >> Ahh... ok. Cool! If I may ask another question that I neglected to post and that is what kind of back end technology are you using? Java, PHP, ASP.NET?
> >>
> >> Cheers,
> >> Sam
> >>
> >> On Nov 6, 2007, at 3:54 PM, Marcelo de Moraes Serpa wrote:
> >>
> >>> Hello Samuel,
> >>>
> >>>> If I may chime in this discussion.. what are you trying to protect? The actual swf or access to services exposed in the swf?
> >>>
> >>> Yes, it wasn't clear. Actually I'm not really trying to protect the SWF but instead restrict the ways it can be served. Mine is an application somewhat like youtube but more restricted, so, I wouldn't want anyone to get the URL and play the videos anywhere (outside of the allowed domain).
> >>>
> >>> On Nov 6, 2007 4:41 PM, Samuel Agesilas <[EMAIL PROTECTED]> wrote:
> >>>> Marcelo,
> >>>>
> >>>> If I may chime in this discussion.. what are you trying to protect? The actual swf or access to services exposed in the swf?
> >>>>
> >>>> cheers,
> >>>> Sam
> >>>>
> >>>> On Nov 4, 2007, at 6:42 PM, Jonathan Valliere wrote:
> >>>>
> >>>> Marcelo,
> >>>>
> >>>> As far as referrer checking, you're going to need to search google or get in touch with a Red5 developer ( put it on the Red5 mailing list ).
> >>>>
> >>>> Encryption: You can load in SWF binary via ByteArray and encryption can be done with ByteArray data ( that can be loaded via .. Loader ?? ). Essentially you encrypt your SWF binary ( and store it encrypted on the server ) and load it in over HTTPs and decrypt it based on a public/private key based on a secondary encryption mechanism located inside the first one and load into a SWFLoader at runtime. Run the entire application over HTTPs with cache off and it should be pretty damn secure.
> >>>>
> >>>> http://en.wikipedia.org/wiki/Public-key_cryptography
> >>>>
> >>>> http://en.wikipedia.org/wiki/Encryption
> >>>>
> >>>> http://en.wikipedia.org/wiki/Topics_in_cryptography
> >>>>
> >>>> I bet there are a lot of good books on Cryptography.
> >>>>
> >>>> -Jon
> >>>>
> >>>> On Nov 4, 2007, at 7:24 PM, Marcelo de Moraes Serpa wrote:
> >>>> Hello Jonathan,
> >>>>
> >>>>> You could protect swfs over RTMP via Red5 to make sure of a correct referrer.
> >>>>
> >>>>> You could also load in an encrypted SWF that contains a secondary encrypted Binary file that self-decrypts ( and runs ) and is responsible for referrer / self-authentication over HTTPS / RTMP.
> >>>>
> >>>> Any examples or maybe pointers to articles that elaborate on these techniques?
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Marcelo.
> >>>>
> >>>> On 11/4/07, Jonathan Valliere <[EMAIL PROTECTED]> wrote:
> >>>>>
> >>>>> yeah but you can't protect against everything. you can encrypt your swfs, decrypt them clientside but that could also ultimately be faked given enough time and data capture.
> >>>>>
> >>>>> You could protect swfs over RTMP via Red5 to make sure of a correct referrer. You could also load in an encrypted SWF that contains a secondary encrypted Binary file that self-decrypts ( and runs ) and is responsible for referrer / self-authentication over HTTPS / RTMP.
> >>>>>
> >>>>> On Nov 4, 2007, at 12:23 PM, Marcelo de Moraes Serpa wrote:
> >>>>>
> >>>>>> Read the URL from the browser and see if the domain is valid. I forget how to get it normally but in Flex you get it this way
> >>>>>
> >>>>> Yes, but one could possibly decompile the SWF and remove this code (since it is client side).
> >>>>>
> >>>>> On 11/4/07, Jonathan Valliere <[EMAIL PROTECTED]> wrote:
> >>>>>>
> >>>>>> Read the URL from the browser and see if the domain is valid. I forget how to get it normally but in Flex you get it this way
> >>>>>>
> >>>>>> Application( Application.application ).url
> >>>>>>
> >>>>>> On Nov 3, 2007, at 11:40 AM, Jean-Philippe DELAVALLADE wrote:
> >>>>>>
> >>>>>> It's perhaps a solution
> >>>>>> but i prefer using a referer like in Flash Media Server
> >>>>>> I don't find it in RED5
> >>>>>>
> >>>>>> On 3 Nov 07 at 16:23, Marcelo de Moraes Serpa wrote:
> >>>>>>
> >>>>>> Hmm.. yep, haven't thought about the domain restrictions of the player, it might work!
> >>>>>>
> >>>>>> @Paul: Afaik, it works like this: When the player downloads a SWF from a domain, it looks for a crossdomain.xml file that in turn contains rules on which other domains are allowed to play your SWF files you are serving through your domain. Please someone correct me if I'm wrong.
> >>>>>>
> >>>>>> Cheers,
> >>>>>>
> >>>>>> Marcelo.
> >>>>>>
> >>>>>> On 11/3/07, Jean-Philippe DELAVALLADE <[EMAIL PROTECTED]> wrote:
> >>>>>>>
> >>>>>>> Thanks Paul :)
> >>>>>>> Add a cross-domain policy, which prevents unauthorized domains from accessing your assets.
> >>>>>>> but how ??
> >>>>>>>
> >>>>>>> On 3 Nov 07 at 14:42, paul|LOWRES wrote:
> >>>>>>>
> >>>>>>> maybe a cross-domain policy is what you are looking for?
> >>>>>>>
> >>>>>>> http://livedocs.adobe.com/flash/9.0/UsingFlash/help.html?content=WSd60f23110762d6b883b18f10cb1fe1af6-7b35.html
> >>>>>>>
> >>>>>>> cheers,
> >>>>>>> paul
> >>>>>>>
> >>>>>>> On 03.11.2007 at 14:01, Marcelo de Moraes Serpa wrote:
> >>>>>>>
> >>>>>>> Hello Jean,
> >>>>>>>
> >>>>>>> I'm also searching for a way to restrict my flash application in a domain. Actually I thought in serving the SWF through a script instead of letting the webserver serve it so that I could do this referrer check server-side (Using Ruby/Rails or PHP for example). Code to check the referrer in the SWF could work but someone could decompile your SWF and remove this check.
> >>>>>>>
> >>>>>>> If someone got some ideas regarding that, please share!
> >>>>>>>
> >>>>>>> Marcelo.
> >>>>>>>
> >>>>>>> On 10/26/07, Jean-Philippe DELAVALLADE <[EMAIL PROTECTED]> wrote:
> >>>>>>>>
> >>>>>>>> Hello,
> >>>>>>>>
> >>>>>>>> I would like to protect my application, do a referrer in fact
> >>>>>>>> I've tried this code but the server never run with that :
> >>>>>>>>
> >>>>>>>> public boolean appConnect(IConnection conn, Object[] params) {
> >>>>>>>>     String pageUrl = (String)conn.getConnectParams().get( "pageUrl" );
> >>>>>>>>     log.debug( "L'URL de la pages est : " +pageUrl);
> >>>>>>>>     if(pageUrl != "http://mydomain"){
> >>>>>>>>         return false;
> >>>>>>>>     }
> >>>>>>>> Can you show me the way, in order to my appli just run under my domain ?
> >>>>>>>>
> >>>>>>>> Thanks guys
> >>>>>>>>
> >>>>>>>> JP
> >>>>>>>> _______________________________________________
> >>>>>>>> osflash mailing list
> >>>>>>>> [email protected]
> >>>>>>>> http://osflash.org/mailman/listinfo/osflash_osflash.org
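
An added example, not written by anyone in this thread: one way to do the server-side domain/subdomain check the top message asks about, in Ruby, before the script returns the SWF. `ALLOWED_DOMAINS`, `example.com` and the function names are assumptions; in a Rails controller the input would be `request.referer`.

```ruby
require "uri"

# Hypothetical allowlist: the site(s) permitted to embed the player.
ALLOWED_DOMAINS = ["example.com"].freeze

# Extract the lowercased host from a Referer value.
# Returns nil when the header is missing, malformed, or not http(s).
def referer_host(referer)
  return nil if referer.nil? || referer.strip.empty?
  uri = URI.parse(referer.strip)
  # URI::HTTPS is a subclass of URI::HTTP, so both schemes pass here.
  return nil unless uri.is_a?(URI::HTTP) && uri.host
  uri.host.downcase.chomp(".")
rescue URI::InvalidURIError
  nil
end

# True when host is an allowed domain or a subdomain of one.
# Matching on ".domain" (with the leading dot) is what keeps
# "evilexample.com" from passing as a suffix of "example.com".
def host_allowed?(host, allowed = ALLOWED_DOMAINS)
  return false if host.nil?
  allowed.any? { |d| host == d || host.end_with?(".#{d}") }
end

# Decision the serving script makes before sending the SWF bytes.
# A missing Referer is denied here; that is a policy choice and will
# also block browsers or proxies that strip the header.
def serve_player?(referer, allowed = ALLOWED_DOMAINS)
  host_allowed?(referer_host(referer), allowed)
end
```

The Referer header is supplied by the client, so this check stops embedding from other sites in ordinary browsers but not a client that sets the header itself. The same host comparison applies to the `pageUrl` connect parameter in the quoted Red5 handler, where Java's `!=` on strings compares object references rather than contents.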
