Sign in to follow this  
CProgrammer

hiding data on servers

Recommended Posts

Hi guys. I have a flash program which loads some files such as images from the server. Basically I want to prevent people from being able to access these files by simply entering the url while at the same time allowing the flash program access. I guess there is no real secure way of doing this since te flash program is running client side, however is there a typical way to make it as secure as possibe. -CProgrammer

Share this post


Link to post
Share on other sites
You could use a simple encryption scheme to encrypt the data on the server and decrypt it inside the flash applet. Change the key at random every week, and also regularly shuffle around the binary layout of the flash applet.

This makes extracting the key in a reliable and repeated manner difficult unless it's done by hand every time. It will still be possible, and perhaps even easy, to access the data, but not automatically.

Share this post


Link to post
Share on other sites
Quote:
Original post by ToohrVyk
You could use a simple encryption scheme to encrypt the data on the server and decrypt it inside the flash applet. Change the key at random every week, and also regularly shuffle around the binary layout of the flash applet.

This makes extracting the key in a reliable and repeated manner difficult unless it's done by hand every time. It will still be possible, and perhaps even easy, to access the data, but not automatically.


the random shuffle is a good idea, i think ill use that thanks.
I was hoping there was somethin built into the language but I guess I gotta get to work :)

Share this post


Link to post
Share on other sites
Shuffling is bad, since it'll prevent browser cache from working. If you have lots of data, it'll need to be loaded every time, increasing startup. If these images are served as static, it'll also pollute client's cache. Even more, if you make a request several times during game session, it'll need to be downloaded every time.

You might want to try assigning and checking refferer id in HTTP request, setting a cookie or using session ID or some other form of session identification to make sure request is coming from Flash application and not from outside.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this