Game Protection

[Gloo pot]

Lets say you download a swf files of my site, from your local machine you run it. This swf file then finds and loads an external file of my webhost. Is this external file stored anywere onto the users HDD or does it just ramain in RAM untill the swf is closed?

Tryed googling to find a decent answer about this but found nothing directly relating to my question. So, does this help at all in stoping users from getting a hard copy of my game? Or can this be used to at least to make it harder to steel.

[mr_malee]

i think it does actaully get downloaded into the users cache, whenever i'm testing external data, i have to clear the cache of my browser to make it re-download otherwise it remains on my computer even after a restart.

anyway i think thats right. Have you tested it yourself?

[Gloo pot]

No i havent tested it yet, havent used an external swfs yet so i was going to try and get some info about this method and if it has any real meaning before i go waisting time on a useless cause. Supose I shall go have a play around.

With webpages you can stop it from being cached but needs to be downloaded every time you want to play, but not a huge problem. And you can pass varibles and such between swfs on a webpage with javacript or someother backend language. So if the swf on the users machine called apon a webpage which had the swf loaded into it uncached, could you some how load it into the users swf out of the webpage?

In simple terms:
Download Swf onto users machine called user swf
User swf opens up a webpage which loads the swf uncached
User swf then loads the swf from the webpage into its self

This might still bring up the problem of it still being cached after loaded from the webpage if thats even possable.

[tonypa]

Everything can be cached. If it is not cached for IE with default settings then there are always other browsers and settings that can be changed.

[Gloo pot]

I thought you could set a swf file not to be cached with js or somthing other langauge used in web design.

[stevz©_]

Hmm...

I'm not sure if it's possible but I had a tutorial using PHP to communicate. I don't know the code exacty but what you could do is have the main swf send the domain name to the PHP, let the PHP code decide if it's a legit domain to host the file then proceed to load the files to it...

Then again it caches the files once it loads...

...

[Fall_X]

Download Swf onto users machine called user swf
User swf opens up a webpage which loads the swf uncached
User swf then loads the swf from the webpage into its self

Not really possible. You can only load an swf if you know the exact path to it. So if you load it on an html page without caching it, that version doesn't have a local path - and i doubt you would be able to get the path where the browser caches it anyway.

If wht you want is have a fresh copy each time you load the swf, just add a querystring with the current time (ie "movie.swf?time="+timeVar). It will still be cached on the local machine, but the application will reload it every time you load it in, because it's a unique url.

If you don't want the swf to reside on the user's machine (or not in a useable form), there's only one solution : use AS3. You could have the swf encrypted and gzip-compressed on the server using php before sending it through, and only this file will be cached. Your AS3-application, after loading, will have to decompress it (which is easy), decrypt it (which is a bit harder), and create a new movieclip from the resulting ByteArray.

Note that this is still not 100% secure, but not so easy to hack depending on how you encrypt the swf.

[tomsamson]

you should really think about protecting things in different way, preventing caching is really not ideal for your traffic bandwidth and players (especially not for those with slow connections).

[Fall_X]

I agree with tomsomson, but there are cases where avoiding the browser cache can be necessary. For instance, in a game I'm working on, I want to be able to update files on the server, and have them automatically updated on the clients. The reason is that it has a pretty big game world, and I need to be able to expand it, change things, etc, and I want this to be instant for the players, without having to restart the game/clear their cache. I do use the browser cache, but I also need control over when things need to be reloaded. It's a pretty complicated system, but it's almost working

[Gloo pot]

Wow, sounds preaty swish... So can this method be used to stop the user from getting a hard copy of the game?

[Fall_X]

Not really, but in AS3, you can make it harder by having one basic container swf that loads the game. On the server, you can encrypt the game, and even cut it into pieces. The container swf needs to put it all back together and decrypt it, and then use Loader.loadBytes to make a movieclip out of it. But if they decompile your container-swf and figure out what methods you used, it can still be hacked, off course. It will propbably stop most kids though.