[osflash] secure my application...
Jonathan Valliere
sybersnake at gmail.com
Sun Nov 4 09:32:05 PST 2007
yeah but you can't protect against everything. you can encrypt your
swfs, decrypt them clientside but that could also ultimately be faked
given enough time and data capture.
You could protect swfs over RTMP via Red5 to make sure of a correct
referrer. You could also load in an encrypted SWF that contains a
secondary encrypted Binary file that self-decrypts ( and runs ) and
is responsible for referrer / self-authentication over HTTPS / RTMP.
On Nov 4, 2007, at 12:23 PM, Marcelo de Moraes Serpa wrote:
> Red the URL from the browser and see if the domain is valid. I
> forget how to get it normally but in Flex you get it this way
>
> Yes, but one could possibly decompile the SWF and remove this code
> (since it is client side).
>
> On 11/4/07, Jonathan Valliere <sybersnake at gmail.com> wrote:
> Red the URL from the browser and see if the domain is valid. I
> forget how to get it normally but in Flex you get it this way
>
> Application( Application.application ).url
>
>
> On Nov 3, 2007, at 11:40 AM, Jean-Philippe DELAVALLADE wrote:
>
>> It's perhaps a solution
>> but i prefer using a referer like in Flash Media Server
>> I don't find it in RED5
>>
>> Le 3 nov. 07 à 16:23, Marcelo de Moraes Serpa a écrit :
>>
>>> Hmm.. yep, haven't though about the domain restrictions of the
>>> player, it might work!
>>>
>>> @Paul: Afaik, it works like this: When the player downloads a SWF
>>> from a domain, it looks for a crossdomain.xml file that in turns
>>> contains rules on which other domains are allowed to play your
>>> SWF files you are serving through your domain. Please someone
>>> correct-me if I'm wrong.
>>>
>>> Cheers,
>>>
>>> Marcelo.
>>>
>>> On 11/3/07, Jean-Philippe DELAVALLADE < jeanphide at orange.fr> wrote:
>>> Thanks Paul :)
>>> Add a cross-domain policy, which prevents unauthorized domains
>>> from accessing your assets.
>>> but how ??
>>>
>>> Le 3 nov. 07 à 14:42, paul|LOWRES a écrit :
>>>
>>>> maybe a cross-domain policy is, what you are looing for?
>>>>
>>>> http://livedocs.adobe.com/flash/9.0/UsingFlash/help.html?
>>>> content=WSd60f23110762d6b883b18f10cb1fe1af6-7b35.html
>>>>
>>>> cheers,
>>>> paul
>>>>
>>>>
>>>> Am 03.11.2007 um 14:01 schrieb Marcelo de Moraes Serpa:
>>>>
>>>>> Hello Jean,
>>>>>
>>>>> I'm also searching for a way to restrict my flash application
>>>>> in a domain. Actually I thought in serving the SWF through a
>>>>> script instead of letting the webserver serve it so that I
>>>>> could do this referrer check server-side (Using Ruby/Rails or
>>>>> PHP for example). Code to check the referrer in the SWF could
>>>>> work but someone could decompile your SWF and remove this check.
>>>>>
>>>>> If someone got some ideas regarding that, please share!
>>>>>
>>>>> Marcelo.
>>>>>
>>>>> On 10/26/07, Jean-Philippe DELAVALLADE < jeanphide at orange.fr>
>>>>> wrote:
>>>>> Hello,
>>>>>
>>>>> I would like to protect my application, do a referrer in fact
>>>>> I've tried this code but the server never run with that :
>>>>>
>>>>> public boolean appConnect(IConnection conn, Object[] params) {
>>>>> String pageUrl = (String)conn.getConnectParams().get
>>>>> ( "pageUrl" );
>>>>> log.debug( "L'URL de la pages est : " +pageUrl);
>>>>> if(pageUrl != "http://mydomain"){
>>>>> return false;
>>>>> }
>>>>> Can you show me the way, in order to my appli just run under my
>>>>> domain ?
>>>>>
>>>>> Thanks guys
>>>>>
>>>>> JP
>>>>>
>>>>> _______________________________________________
>>>>> osflash mailing list
>>>>> osflash at osflash.org
>>>>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> osflash mailing list
>>>>> osflash at osflash.org
>>>>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>>>>
>>>> _______________________________________________
>>>> osflash mailing list
>>>> osflash at osflash.org
>>>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>>>
>>>
>>> _______________________________________________
>>> osflash mailing list
>>> osflash at osflash.org
>>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>>>
>>>
>>> _______________________________________________
>>> osflash mailing list
>>> osflash at osflash.org
>>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>>
>> _______________________________________________
>> osflash mailing list
>> osflash at osflash.org
>> http://osflash.org/mailman/listinfo/osflash_osflash.org
>
>
> _______________________________________________
> osflash mailing list
> osflash at osflash.org
> http://osflash.org/mailman/listinfo/osflash_osflash.org
>
>
> _______________________________________________
> osflash mailing list
> osflash at osflash.org
> http://osflash.org/mailman/listinfo/osflash_osflash.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://osflash.org/pipermail/osflash_osflash.org/attachments/20071104/f16275ad/attachment.html
More information about the osflash
mailing list