Hi guys. I have a flash program which loads some files such as images from the server. Basically I want to prevent people from being able to access these files by simply entering the url while at the same time allowing the flash program access. I guess there is no real secure way of doing this since te flash program is running client side, however is there a typical way to make it as secure as possibe. -CProgrammer

Quote:Original post by ToohrVyk
You could use a simple encryption scheme to encrypt the data on the server and decrypt it inside the flash applet. Change the key at random every week, and also regularly shuffle around the binary layout of the flash applet.

This makes extracting the key in a reliable and repeated manner difficult unless it's done by hand every time. It will still be possible, and perhaps even easy, to access the data, but not automatically.

the random shuffle is a good idea, i think ill use that thanks.
I was hoping there was somethin built into the language but I guess I gotta get to work :)

Shuffling is bad, since it'll prevent browser cache from working. If you have lots of data, it'll need to be loaded every time, increasing startup. If these images are served as static, it'll also pollute client's cache. Even more, if you make a request several times during game session, it'll need to be downloaded every time.

You might want to try assigning and checking refferer id in HTTP request, setting a cookie or using session ID or some other form of session identification to make sure request is coming from Flash application and not from outside.