[osflash] secure my application...
Jonathan Valliere
sybersnake at gmail.com
Sun Nov 4 05:49:31 PST 2007
Red the URL from the browser and see if the domain is valid. I
forget how to get it normally but in Flex you get it this way
Application( Application.application ).url
On Nov 3, 2007, at 11:40 AM, Jean-Philippe DELAVALLADE wrote:
> It's perhaps a solution
> but i prefer using a referer like in Flash Media Server
> I don't find it in RED5
>
> Le 3 nov. 07 à 16:23, Marcelo de Moraes Serpa a écrit :
>
>> Hmm.. yep, haven't though about the domain restrictions of the
>> player, it might work!
>>
>> @Paul: Afaik, it works like this: When the player downloads a SWF
>> from a domain, it looks for a crossdomain.xml file that in turns
>> contains rules on which other domains are allowed to play your SWF
>> files you are serving through your domain. Please someone correct-
>> me if I'm wrong.
>>
>> Cheers,
>>
>> Marcelo.
>>
>> On 11/3/07, Jean-Philippe DELAVALLADE <jeanphide at orange.fr> wrote:
>> Thanks Paul :)
>> Add a cross-domain policy, which prevents unauthorized domains
>> from accessing your assets.
>> but how ??
>>
>> Le 3 nov. 07 à 14:42, paul|LOWRES a écrit :
>>
>>> maybe a cross-domain policy is, what you are looing for?
>>>
>>> http://livedocs.adobe.com/flash/9.0/UsingFlash/help.html?
>>> content=WSd60f23110762d6b883b18f10cb1fe1af6-7b35.html
>>>
>>> cheers,
>>> paul
>>>
>>>
>>> Am 03.11.2007 um 14:01 schrieb Marcelo de Moraes Serpa:
>>>
>>>> Hello Jean,
>>>>
>>>> I'm also searching for a way to restrict my flash application in
>>>> a domain. Actually I thought in serving the SWF through a script
>>>> instead of letting the webserver serve it so that I could do
>>>> this referrer check server-side (Using Ruby/Rails or PHP for
>>>> example). Code to check the referrer in the SWF could work but
>>>> someone could decompile your SWF and remove this check.
>>>>
>>>> If someone got some ideas regarding that, please share!
>>>>
>>>> Marcelo.
>>>>
>>>> On 10/26/07, Jean-Philippe DELAVALLADE < jeanphide at orange.fr>
>>>> wrote:
>>>> Hello,
>>>>
>>>> I would like to protect my application, do a referrer in fact
>>>> I've tried this code but the server never run with that :
>>>>
>>>> public boolean appConnect(IConnection conn, Object[] params) {
>>>> String pageUrl = (String)conn.getConnectParams().get
>>>> ( "pageUrl" );
>>>> log.debug( "L'URL de la pages est : " +pageUrl);
>>>> if(pageUrl != "http://mydomain"){
>>>> return false;
>>>> }
>>>> Can you show me the way, in order to my appli just run under my
>>>> domain ?
>>>>
>>>> Thanks guys
>>>>
>>>> JP
>>>>
>>>> _______________________________________________
>>>> osflash mailing list
>>>> osflash at osflash.org
>>>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>>>>
>>>>
>>>> _______________________________________________
>>>> osflash mailing list
>>>> osflash at osflash.org
>>>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>>>
>>> _______________________________________________
>>> osflash mailing list
>>> osflash at osflash.org
>>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>>
>>
>> _______________________________________________
>> osflash mailing list
>> osflash at osflash.org
>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>>
>>
>> _______________________________________________
>> osflash mailing list
>> osflash at osflash.org
>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>
> _______________________________________________
> osflash mailing list
> osflash at osflash.org
> http://osflash.org/mailman/listinfo/osflash_osflash.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://osflash.org/pipermail/osflash_osflash.org/attachments/20071104/24ffd4eb/attachment.html
More information about the osflash
mailing list