-
09-19-2004, 05:23 PM
#101
thehumanchimp, the 'Loaded' swf was in my cache, using Mozilla 1.6.
Vex / G4MES.net - "JBJ Sisters: Snow Adventure" - Now available for Nokia Series 40, 60 and MIDP-2 phones.
-
09-20-2004, 04:35 AM
#102
Senior Member
Opera browser also has "Loaded" swf in the cache.
-
09-20-2004, 12:06 PM
#103
Official Shoe Shiner
oh damn thats annoying.
Can you check to see if you had the "Authentification Failure" .swf in your cache aswell?
Thanks.
[EDIT] Just checked it in Firefox and got the same problem, but ive thought of a way to fix it. Fix should be coming soon. [/EDIT]
Last edited by thehumanchimp; 09-20-2004 at 01:16 PM.
Message on a gravestone: I finished before you in the human race.
Using: Flash MX
-
09-20-2004, 03:29 PM
#104
Official Shoe Shiner
Right, ok - i think ive sorted that problem. Try it here:
http://members.lycos.co.uk/humanchimp/cache/test.html
Rules like before, see if you have the "Loaded" swf in your cache. Hopefully now you won't.
Message on a gravestone: I finished before you in the human race.
Using: Flash MX
-
09-20-2004, 03:58 PM
#105
Feeling adventurous?
Opera: cleared my cache, F5'ed, couldnt get the movie to load no matter how many times i refreshed :?
-
09-21-2004, 03:24 AM
#106
Senior Member
Well, this thread kind of evolved into "how to protect your swf" but I'd like to simply gripe as well. muchosjuegos and minijuegos took mine too! I emailed minijuegos asking them to take it down but got no response. Didn't know about muchosjuegos until I saw this thread.
What a pain.
Mike
-
09-21-2004, 05:35 AM
#107
Senior Member
I still have both "Loaded" swf and "Authentification Failure" swf in the Opera cache.
-
09-21-2004, 02:49 PM
#108
·»¤«·
Put your add and legal notice before your game. Put legal notice wherever you put your game.
I was thinking about this method, think it would work at all?:
1) PHP page with FlashLoader.swf embedded. PHP server generates a unique access code which gets put in this PHP and is passed into FlashLoader.swf(via FlashVars or URL string). Let's say the var name of the unique access code is accessCode
2) FlashLoader.swf contains:
loadMovieNum("loadFlash.php?varCode="+accessCode+" ,0,"GET");
3) PHP page loadFlash.php can then, if a proper GET code is given, return the real SWF file from a secure location. Each access code can only be used once, and can be given a host of other marks that make it impossible to get PHP to generate a code then use it later to rip a file.
Would the externally loaded SWF get cached?
>flashl!ght<
All the normal names were taken.
Ron Paul was right.
-
09-21-2004, 03:12 PM
#109
Official Shoe Shiner
Flashl!ight: thats basically a shotened down version of my ealier MovieLock version. The answer to your question: unfortunately, yes.
TonyPa: What names were the cached files saved as?
T1ger: Thats wierd, very wierd indeed. [EDIT] Try now, does it work? [/EDIT]
Last edited by thehumanchimp; 09-21-2004 at 03:33 PM.
Message on a gravestone: I finished before you in the human race.
Using: Flash MX
-
09-21-2004, 04:00 PM
#110
Senior Member
Originally posted by thehumanchimp
TonyPa: What names were the cached files saved as?
Opera renames all the files, so they all have really weird names like opr0KHFj.swf, but finding correct swf is not problem.
-
09-21-2004, 05:27 PM
#111
Feeling adventurous?
It does work now, but i can get the swf without any problem at all.
-
09-22-2004, 03:05 PM
#112
Official Shoe Shiner
T1ger, does "but i can get the swf without any problem at all." mean that it was in your cache, or that you could get hold of it by other means easily?
Message on a gravestone: I finished before you in the human race.
Using: Flash MX
-
09-22-2004, 05:27 PM
#113
Feeling adventurous?
in opera i can check my cache my entering "opera:cache" in the address bar. if i click the url to the swf there, i come right to it.
-
10-13-2004, 04:05 AM
#114
Senior Member
I think I realized something very useful last night!
Real site
Leeched site
Test it please, to make my self sure it is safe to use... Of course, once access has been granted, there are still ASV's to decompile these swf-files, but this helps with controlling unwanted leeching!
-
10-13-2004, 05:09 AM
#115
Custom User Title
Just a idea
Why dont you put a .txt in your server, and the game.swf must read the value of a variable inside this txt, so if the value is correct he plays the game, otherwise, not.
So, even if you have this swf in your cache, he will not work cos he cant find the txt...or the txt will end up in the cache too???
Last edited by Incrue; 10-13-2004 at 05:14 AM.
-
10-13-2004, 05:14 AM
#116
Senior Member
Originally posted by Increu
Just a idea
Why dont you put a .txt in your server, and the game.swf must read the value of a variable inside this txt, so if the value is correct he plays the game, otherwise, not.
it doesn't stop leeching, because .swf file would read the variable from your server. The game Would always work whetever it were leeched or not. The game could be played still from unwanted site.
-
10-13-2004, 05:18 AM
#117
Custom User Title
Originally posted by TeroLebe
it doesn't stop leeching, because .swf file would read the variable from your server. The game Would always work whetever it were leeched or not. The game could be played still from unwanted site.
Sorry my bad english, i dont konw what means leeching
Anyway, it will happen even if i send the swf to look for a exact folder inside my server?
I mean, FOR EXAMPLE, not ww.myserver.com/secretfolder/secret.txt but just:
/secretfolder/secret.txt
so, the swf will look for the secretfolder inside the other site server...i gess...
Last edited by Incrue; 10-13-2004 at 05:23 AM.
-
10-13-2004, 05:43 AM
#118
increu :
leeching is like this,
<iframe src="http://www.otherdomain.com/file.htm">
the leeched swf will play correctly because it's played on your server! even if your swf's trying to get resource from url add like this "../../security.swf"
I'm not a web guru nor a hacker (altough I enjoyed the rush of opening ppl's file.. with all due respect of course ), the problem with flash is :
1. You put your flash inside web directory to be displayed using http protocol, meanings that people can always get your file no matter what (duh.. that's the idea of http!).
I'm not sure about disabling your swf to be stored in chace directory of the user, does it really work ?
2. Action script is intepreted not compiled to machine code nor byte code, so no matter what, any determined hacker with little knowledge can always look inside your code. Of course there's obfuscator but obfuscator won't change the string data so for ex.
"getURL("../security.php");"
will probably changed into
"11_("../security.php");"
And there's nothing you can do to stop people from seeing your string.
-
10-13-2004, 05:53 AM
#119
Custom User Title
And if they cant know the name of the swf?
I mean, you tell php to dinamically generate the swf name, but when they go look the source they cant see the name...
-
10-13-2004, 06:00 AM
#120
Senior Member
Originally posted by Increu
And if they cant know the name of the swf?
I mean, you tell php to dinamically generate the swf name, but when they go look the source they cant see the name...
well, i just did that in my post, also it will change the swf file, if the "access key" is invalid.
I just want people to test if my way is secuer enough to stop leeching. My swf-file is only allowed to play in my site.
The thing I did is nothing to do with swf's, it can be used in images, and other file types.
edit:
here's the links once again
Real site
Leeched site
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|