SWF file visibility limitation

Question

SWF file visibility limitation

I have a situation where my main SWF file loads a lot of external SWF files. However, these external SWF files are simply located in the shared folder of the web server.

Is it possible to limit the visibility of SWF only to my main SWF file (the one that loads external SWF files). In the current state, any user who knows where to look can simply enter the URL and go to SWF, not to mention fraudulent bots that do not follow robots.txt.

The reason for this is very simple. Users use the username / password to enter the main Flash application and the main Flash application, in turn, download the SWF files and ONLY, then they are available to the user. In addition, depending on who is logging in, some SWF files are limited and do not load.

Thanks for any help!

+5

security flash actionscript-3

helloworlder Mar 07 '10 at 14:51

source share

2 answers

, , :

script -swf ( ).
, -swf, swf:

- if(this.parent.toString() != "mainSwf") { stop();} ( ).

, , - "mainSwf", -swf. , - ...

, swf, var myKey:String="362574036704ry3f0y3432607", : if(this.parent.myKey != "362574036704ry3f0y3432607") { stop();}.

, . , .

EDIT:

, .

0

Richard Inglis 07 . '10 16:12

rook · Accepted Answer · 2010-03-07T17:59:38+0000

It depends on how flash authentication is performed. Flash must be authenticated using a server-side application with a database. The server application can then use the database to perform access control for each file.

All filesshould be monitored by a table; columns should be included in it, such as local path, as well as, user_groupor possibly user_id. An authenticated session should be tracked user_idafter logging in with a username and password.

robots.txt , robots.txt, .

- . " ", . HTTP-, tamperdata. , , .

SWF file visibility limitation

More articles: