That would be done with checking the referrer URL.

Sent from my mobile device

On Nov 6, 2007, at 8:08 PM, "Marcelo de Moraes Serpa" <[EMAIL PROTECTED] 
 > wrote:

> Yes Jonathan, that's exactly what I am doing with Ruby on Rails -
> serving it through the apache but the request goes to a ruby script
> before the application decides if it can be served or not. The
> remaining question is how to restrict the player to a specific domain
> or subdomains.
>
> On Nov 6, 2007 9:29 PM, Jonathan Valliere <[EMAIL PROTECTED]>  
> wrote:
>> Instead of serving your player directly via http. You can use python
>> as the URL to return the SWF binary in the response if access is
>> granted.
>>
>> Sent from my mobile device
>>
>> On Nov 6, 2007, at 5:39 PM, "Marcelo de Moraes Serpa" <[EMAIL PROTECTED]
>>
>>> wrote:
>>
>>> Ruby on Rails, but I also use Django, Plone and Zope. So, basically
>>> Ruby and Python.
>>>
>>> On Nov 6, 2007 8:01 PM, Samuel Agesilas <[EMAIL PROTECTED]> wrote:
>>>> Marcelo,
>>>>
>>>> Ahh... ok. Cool! If I may ask another question that I neglected to
>>>> post and that is what kind of back end technology are you using?
>>>> Java,
>>>> PHP, ASP.NET?
>>>>
>>>> Cheers,
>>>> Sam
>>>>
>>>>
>>>> On Nov 6, 2007, at 3:54 PM, Marcelo de Moraes Serpa wrote:
>>>>
>>>>> Hello Samuel,
>>>>>
>>>>>> If I may chime in this discussion.. what are you trying to  
>>>>>> protect?
>>>>>> The
>>>>>> actual swf or access to services exposed in the swf?
>>>>>
>>>>> Yes, it wasn't clear. Actually I'm not really trying to protect
>>>>> the
>>>>> SWF but instead restrict the ways it can be served. Mine is an
>>>>> application somewhat like youtube but more restricted, so, I
>>>>> wouldn't
>>>>> want anyone to get the URL and play the videos anywhere (outside  
>>>>> of
>>>>> the allowed domain).
>>>>>
>>>>> On Nov 6, 2007 4:41 PM, Samuel Agesilas <[EMAIL PROTECTED]>  
>>>>> wrote:
>>>>>> Marcelo,
>>>>>>
>>>>>> If I may chime in this discussion.. what are you trying to  
>>>>>> protect?
>>>>>> The
>>>>>> actual swf or access to services exposed in the swf?
>>>>>>
>>>>>> cheers,
>>>>>> Sam
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Nov 4, 2007, at 6:42 PM, Jonathan Valliere wrote:
>>>>>>
>>>>>> Marcelo,
>>>>>>
>>>>>> As far as referrer checking, you're going to need to search
>>>>>> google or
>>>>>> get in
>>>>>> touch with a Red5 developer ( put it on the Red5 mailing list ).
>>>>>>
>>>>>> Encryption:  You can load in SWF binary via ByteArray and
>>>>>> encryption can be
>>>>>> done with ByteArray data ( that can be loaded via .. Loader ?? ).
>>>>>> Essentially you encrypt your SWF binary ( and store it  
>>>>>> encrypted on
>>>>>> the
>>>>>> server ) and load it in over HTTPs and decrypt it based on a
>>>>>> public/
>>>>>> private
>>>>>> key based on a secondary encryption mechanism located inside the
>>>>>> first one
>>>>>> and load into a SWFLoader at runtime.  Run the entire application
>>>>>> over HTTPs
>>>>>> with cache off and it should be pretty damn secure.
>>>>>>
>>>>>> http://en.wikipedia.org/wiki/Public-key_cryptography
>>>>>>
>>>>>> http://en.wikipedia.org/wiki/Encryption
>>>>>>
>>>>>> http://en.wikipedia.org/wiki/Topics_in_cryptography
>>>>>>
>>>>>> I bet there are a lot of good books on Cryptography.
>>>>>>
>>>>>> -Jon
>>>>>>
>>>>>>
>>>>>> On Nov 4, 2007, at 7:24 PM, Marcelo de Moraes Serpa wrote:
>>>>>> Hello Jonathan,
>>>>>>
>>>>>>> You could protect swfs over RTMP via Red5 to make sure of a
>>>>>>> correct
>>>>>> referrer.
>>>>>>
>>>>>>
>>>>>>> You could also load in an encrypted SWF that contains a  
>>>>>>> secondary
>>>>>> encrypted Binary file that self-decrypts ( and runs ) and is
>>>>>> responsible for
>>>>>> referrer / self-authentication over HTTPS / RTMP.
>>>>>>
>>>>>>
>>>>>> Any examples or maybe pointers to articles that elaborate on  
>>>>>> these
>>>>>> techniques?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Marcelo.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 11/4/07, Jonathan Valliere <[EMAIL PROTECTED]> wrote:
>>>>>>>
>>>>>>> yeah but you can't protect against everything.  you can encrypt
>>>>>>> your swfs,
>>>>>> decrypt them clientside but that could also ultimately be faked
>>>>>> given enough
>>>>>> time and data capture.
>>>>>>>
>>>>>>>
>>>>>>> You could protect swfs over RTMP via Red5 to make sure of a
>>>>>>> correct
>>>>>> referrer.  You could also load in an encrypted SWF that  
>>>>>> contains a
>>>>>> secondary
>>>>>> encrypted Binary file that self-decrypts ( and runs ) and is
>>>>>> responsible for
>>>>>> referrer / self-authentication over HTTPS / RTMP.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Nov 4, 2007, at 12:23 PM, Marcelo de Moraes Serpa wrote:
>>>>>>>
>>>>>>>
>>>>>>>> Read the URL from the browser and see if the domain is valid.  I
>>>>>>>> forget
>>>>>> how to get it normally but in Flex you get it this way
>>>>>>>>
>>>>>>>
>>>>>>> Yes, but one could possibly decompile the SWF and remove this  
>>>>>>> code
>>>>>>> (since
>>>>>> it is client side).
>>>>>>>
>>>>>>>
>>>>>>> On 11/4/07, Jonathan Valliere <[EMAIL PROTECTED] > wrote:
>>>>>>>>
>>>>>>>> Read the URL from the browser and see if the domain is valid.  I
>>>>>>>> forget
>>>>>> how to get it normally but in Flex you get it this way
>>>>>>>>
>>>>>>>>
>>>>>>>> Application( Application.application ).url
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Nov 3, 2007, at 11:40 AM, Jean-Philippe DELAVALLADE wrote:
>>>>>>>>
>>>>>>>> It's perhaps a solution
>>>>>>>> but i prefer using a referer like in Flash Media Server
>>>>>>>> I don't find it in RED5
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Nov 3, 2007, at 4:23 PM, Marcelo de Moraes Serpa wrote:
>>>>>>>>
>>>>>>>> Hmm.. yep, haven't thought about the domain restrictions of the
>>>>>>>> player,
>>>>>> it might work!
>>>>>>>>
>>>>>>>> @Paul: Afaik, it works like this: When the player downloads a  
>>>>>>>> SWF
>>>>>>>> from a
>>>>>> domain, it looks for a crossdomain.xml file that in turn
>>>>>> contains
>>>>>> rules on
>>>>>> which other domains are allowed to play your SWF files you are
>>>>>> serving
>>>>>> through your domain. Please someone correct me if I'm wrong.
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>>
>>>>>>>> Marcelo.
>>>>>>>>
>>>>>>>>
>>>>>>>> On 11/3/07, Jean-Philippe DELAVALLADE < [EMAIL PROTECTED]>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Thanks Paul :)
>>>>>>>>> Add a cross-domain policy, which prevents unauthorized domains
>>>>>>>>> from
>>>>>> accessing your assets.
>>>>>>>>> but how ??
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Nov 3, 2007, at 2:42 PM, paul|LOWRES wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> maybe a cross-domain policy is, what you are looking for?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>> http://livedocs.adobe.com/flash/9.0/UsingFlash/help.html?content=WSd60f23110762d6b883b18f10cb1fe1af6-7b35.html
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> cheers,
>>>>>>>>> paul
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Nov 3, 2007, at 2:01 PM, Marcelo de Moraes Serpa wrote:
>>>>>>>>>
>>>>>>>>> Hello Jean,
>>>>>>>>>
>>>>>>>>> I'm also searching for a way to restrict my flash application
>>>>>>>>> in a
>>>>>> domain. Actually I thought in serving the SWF through a script
>>>>>> instead of
>>>>>> letting the webserver serve it so that I could do this referrer
>>>>>> check
>>>>>> server-side (Using Ruby/Rails or PHP for example). Code to check
>>>>>> the
>>>>>> referrer in the SWF could work but someone could decompile your  
>>>>>> SWF
>>>>>> and
>>>>>> remove this check.
>>>>>>>>>
>>>>>>>>> If someone got some ideas regarding that, please share!
>>>>>>>>>
>>>>>>>>> Marcelo.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 10/26/07, Jean-Philippe DELAVALLADE < [EMAIL PROTECTED]>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I would like to protect my application, do a referrer in fact
>>>>>>>>>> I've tried this code but the server never run with that :
>>>>>>>>>>
>>>>>>>>>>
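>>>>>>>>>> public boolean appConnect(IConnection conn, Object[] params) {
>>>>>>>>>>     // pageUrl is sent by the Flash client in its connect parameters
>>>>>>>>>>     String pageUrl = (String) conn.getConnectParams().get("pageUrl");
>>>>>>>>>>     log.debug("L'URL de la pages est : " + pageUrl);
>>>>>>>>>>     // Compare contents with equals(); != on Strings compares references
>>>>>>>>>>     if (!"http://mydomain".equals(pageUrl)) {
>>>>>>>>>>         return false;
>>>>>>>>>>     }
>>>>>>>>>>     return true;
>>>>>>>>>> }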
>>>>>>>>>> Can you show me the way, in order to my appli just run  
>>>>>>>>>> under my
>>>>>> domain ?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thanks guys
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> JP
>>>>>>>>>> _______________________________________________
>>>>>>>>>> osflash mailing list
>>>>>>>>>> [email protected]
>>>>>>>>>> http://osflash.org/mailman/listinfo/osflash_osflash.org
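The server-side check discussed in this thread (serve the SWF through a script and allow only the site's own domain and its subdomains), as an added example that is not code from any of the posters; `example.com`, the function names and the sample headers are assumptions. The Referer header is set by the client, so this limits embedding on other sites and is not authentication.

```ruby
require "uri"

# Hypothetical allow-list; "example.com" stands in for the site's own domain.
ALLOWED_DOMAINS = ["example.com"].freeze

# Returns the lowercased host of an http(s) URL, or nil if it cannot be parsed.
def referer_host(referer)
  return nil if referer.nil? || referer.strip.empty?
  uri = URI.parse(referer.strip)
  # URI::HTTPS is a subclass of URI::HTTP, so both schemes pass this test.
  return nil unless uri.is_a?(URI::HTTP) && uri.host
  uri.host.downcase.chomp(".")
rescue URI::InvalidURIError
  nil
end

# True when host is an allowed domain or a subdomain of one.
# Matching on a label boundary (".example.com") rejects look-alikes such as
# "notexample.com" and "example.com.attacker.test".
def host_allowed?(host, allowed = ALLOWED_DOMAINS)
  return false if host.nil?
  allowed.any? { |d| host == d || host.end_with?(".#{d}") }
end

# Decision the serving script makes before returning the SWF bytes.
# A missing or unparsable Referer is refused (fail closed).
def serve_swf?(referer_header)
  host_allowed?(referer_host(referer_header))
end

if __FILE__ == $0
  # Constructed sample Referer values, not taken from the thread.
  [
    "http://example.com/player.html",
    "https://Videos.Example.com/watch?v=1",
    "http://notexample.com/",
    "http://example.com.attacker.test/",
    "http://example.com@evil.test/",
    nil
  ].each { |r| puts "#{r.inspect} -> #{serve_swf?(r) ? 'serve' : 'refuse'}" }
end
```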