views:

32

answers:

1

Hello Ive a website that create avatars for users and provide them with link for avatar to use it in their website or singuters etc , my problems is the website based on flash . the main page has 1 swf file that load other swfs used to create avatars , if someone knows the link for the these swf files he can download them which means he can have all the website lets say: www.test.com as main page which load main swf and other swfs files which located at www.test.com/resources/flash/swffiles/file1.swf

anyone can grap these files and have all the website which is a big security breach ive trying so many way protect these files from not download but protecting them means the main swf cant talk to them and cant load the main page correctaly , any suggestion for these ..

thanks in advance

A: 

you can do a few things to make it harder to misappropriate your flash files., none are foolproof, but these measures can act as a deterrent.

  • site lock (or domain lock) the app. the actionscript checks if the app was loaded from an authorized domain and exits if not. example:

http://www.wildform.com/support/tutorials/SecuringFlixVideos/#2

http://www.emanueleferonato.com/2008/03/10/how-to-sitelock-a-flash-movie/

  • use a tool like swfencrypt or irrFuscator to obfuscate your code. the code can still be decompiled, but in obfuscated form it would be harder to bypass the protections or modify the app.

  • if your app is for authorized users only, put it behind a hard to guess URL (a path with a random string) or have it served via a php script that checks the users credentials before delivering the swf.