Re: [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser?

This WebDNA talk-list message is from

2009

It keeps the original formatting. numero = 103461
interpreted = N
texte = Terry, I really appreciate you offering such a thorough explanation of what you do. Now I want to see if I can better understand a few places where I was foggy:> [snip]> ...To solve the swf hijacking issue you raised, what we would do is > to nest> your swf video file inside another swf file (outer swf file - OSWF).I have made/edited flash files with MX 2004 (macromedia), but I only learned just enough to finish a job I had... just using them as a static movie format really. I am not sure what it means to embed one flash file inside another. I know how to make SWF files which are made from other movies, but they are self-contained.. requiring no dependencies. It sounds like you are saying one can make a SWF that is very small in file size and *does* require dependencies (other SWF files). Is this right? (more below..)> The> OSWF is what the surfer sees and is what the hijacker will stick or > point> directly to. Your OSWF will call on the true video swf file to load > and play> only if it passes a check that it will perform ....if not, it blocks > the> content from playing, throws up a warning message or even redirects > the> end-user to the actual site that has the original work ...all > depends on> what you want it to do.>> So, what is this check that the OSWF does? Well, on your web page > that has> the OSWF file ...that page will be a WebDNA tagged page that > provides a> [cart] value as an id marker when the page is called. The id marker, > being a> cart value is unique throughout its life time, is also passed to the > OSWF as> a Flashvar.Here again my newness to flash creates doubts about my understanding.. Well I just googled it and got a start in understanding what is a 'Flashvar', but I was not clear on one thing.. it sounds like you are saying that if adept at flash, one can make it so that the flash file can talk to the server, .. cause some webdna to run that returns a db value, and then reacts accordingly? This apparently has to be done in the flash file itself (here the 'OSWF')... otherwise it is just a static SWF file. Right?> An Append linkhere you mean a webdna [append] context right?(more below..)> is also included on the same page to record that> ID generated on your server DB. All this is done when the page is > called or> requested ...so it is in play even before the OSWF starts to run.>> After the page loads in the browser of the end-user, the > OSWF ...when it> fully loads will then do a call out (using the Flashvar) to the server> asking for the same ID from the database that stored it upon page > download /> request. If it exists, the server respond back to the OSWF and it > allows> the video to download and play, deleting the ID from the database. > If the ID> call back fails, the server informs OSWF, deletes ID in Db where > OSWF does> what you want it to do to protect the content.>> Note, no need to clean up cart values stored in DB because it is > cleared> upon callback. No need for heavy loads on your media servers from > hijackers> stealing content because it is only called when OSWF calls it not > the user> or their browser.Then I assume you are saying that one can make a flash file (the inner SWF file I am trying to protect) "intelligent" so that it will not play *unless called* by another outer SWF file? Otherwise my first thought was, "well, what if the hacker manages to guess the exact name/ address of the inner SWF who we are calling with the OSWF? ...then he could play it by hitting it directly with his browser.".My webdna skills are all up to speed, I am just trying to piece together missing pieces in my understanding (apparently all flash issues) so i can visualize what you are doing, and know where I would have to study to replicate your solution.And meanwhile I am still wondering if there is not a way I can protect my client's (pre-existing) SWF files without having to re-create them all to use flashvars and make calls to server and to inner SWF's. (Client already spent his budget on those SWF files.) I mean, do you know that it is NOT possible to just change the below code somehow so that it plays in the browser instead of trying to save to disk? If I could do it this way then I am all set, since I already have running a working webdna protection scheme.In any case, I really appreciate your having taken your time to write to me with your help![text]theFullPathtoFile=^path/to/your/file/in/globals/theFile.swf[/text][text]theFileName=theFile.swf[/text][text]line_ending=%0D%0A[/text][ReturnRaw binarybody=[theFullPathtoFile]][!][/!]HTTP/1.0 200 OK[unurl][line_ending][/unurl][!][/!]Status: 200[unurl][line_ending][/unurl][!][/!]Content-Type: application/octet-stream[unurl][line_ending][/unurl][!][/!]Content-Disposition: attachment; filename="[theFileName]"[unurl][line_ending][line_ending][/unurl][!][/!][/ReturnRaw]> If secured content is a strong requirement (packet> sniffers, reverse hacking of swf)...you can even engineer a simple> encryption key code for the final call that OSWF makes ...no one can > see> this link usually, not even in cache because OSWF submits it not the> browser. Oh yes, you can even encrypt the OSWF to protect reverse > hacking.>> Anyway ...you will get what you want. Remember, folks can bookmark > your page> link or OSWF directly, but only the page link will > work ...bookmarked or> stored OSWF will fail since without an ID or even an expired ID that > was> stored and deleted, it will fail.>> Hope that helps point you in the right direction.>> Cheers Terry Nair-Govinda Associated Messages, from the most recent to the oldest:

Re: [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (Govinda 2009)
[WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? ("Terry Nair" 2009)
Re: [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (Govinda 2009)
Re: [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (Govinda 2009)
Re: [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (Patrick McCormick 2009)
Re: [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (Govinda 2009)
[WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? ("Terry Nair" 2009)
[WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (Govinda 2009)

Terry, I really appreciate you offering such a thorough explanation of what you do. Now I want to see if I can better understand a few places where I was foggy:> [snip]> ...To solve the swf hijacking issue you raised, what we would do is > to nest> your swf video file inside another swf file (outer swf file - OSWF).I have made/edited flash files with MX 2004 (macromedia), but I only learned just enough to finish a job I had... just using them as a static movie format really. I am not sure what it means to embed one flash file inside another. I know how to make SWF files which are made from other movies, but they are self-contained.. requiring no dependencies. It sounds like you are saying one can make a SWF that is very small in file size and *does* require dependencies (other SWF files). Is this right? (more below..)> The> OSWF is what the surfer sees and is what the hijacker will stick or > point> directly to. Your OSWF will call on the true video swf file to load > and play> only if it passes a check that it will perform ....if not, it blocks > the> content from playing, throws up a warning message or even redirects > the> end-user to the actual site that has the original work ...all > depends on> what you want it to do.>> So, what is this check that the OSWF does? Well, on your web page > that has> the OSWF file ...that page will be a WebDNA tagged page that > provides a> [cart] value as an id marker when the page is called. The id marker, > being a> cart value is unique throughout its life time, is also passed to the > OSWF as> a Flashvar.Here again my newness to flash creates doubts about my understanding.. Well I just googled it and got a start in understanding what is a 'Flashvar', but I was not clear on one thing.. it sounds like you are saying that if adept at flash, one can make it so that the flash file can talk to the server, .. cause some webdna to run that returns a db value, and then reacts accordingly? This apparently has to be done in the flash file itself (here the 'OSWF')... otherwise it is just a static SWF file. Right?> An Append linkhere you mean a webdna [append] context right?(more below..)> is also included on the same page to record that> ID generated on your server DB. All this is done when the page is > called or> requested ...so it is in play even before the OSWF starts to run.>> After the page loads in the browser of the end-user, the > OSWF ...when it> fully loads will then do a call out (using the Flashvar) to the server> asking for the same ID from the database that stored it upon page > download /> request. If it exists, the server respond back to the OSWF and it > allows> the video to download and play, deleting the ID from the database. > If the ID> call back fails, the server informs OSWF, deletes ID in Db where > OSWF does> what you want it to do to protect the content.>> Note, no need to clean up cart values stored in DB because it is > cleared> upon callback. No need for heavy loads on your media servers from > hijackers> stealing content because it is only called when OSWF calls it not > the user> or their browser.Then I assume you are saying that one can make a flash file (the inner SWF file I am trying to protect) "intelligent" so that it will not play *unless called* by another outer SWF file? Otherwise my first thought was, "well, what if the hacker manages to guess the exact name/ address of the inner SWF who we are calling with the OSWF? ...then he could play it by hitting it directly with his browser.".My webdna skills are all up to speed, I am just trying to piece together missing pieces in my understanding (apparently all flash issues) so i can visualize what you are doing, and know where I would have to study to replicate your solution.And meanwhile I am still wondering if there is not a way I can protect my client's (pre-existing) SWF files without having to re-create them all to use flashvars and make calls to server and to inner SWF's. (Client already spent his budget on those SWF files.) I mean, do you know that it is NOT possible to just change the below code somehow so that it plays in the browser instead of trying to save to disk? If I could do it this way then I am all set, since I already have running a working webdna protection scheme.In any case, I really appreciate your having taken your time to write to me with your help![text]theFullPathtoFile=^path/to/your/file/in/globals/theFile.swf[/text][text]theFileName=theFile.swf[/text][text]line_ending=%0D%0A[/text][ReturnRaw binarybody=[theFullPathtoFile]][!][/!]HTTP/1.0 200 OK[unurl][line_ending][/unurl][!][/!]Status: 200[unurl][line_ending][/unurl][!][/!]Content-Type: application/octet-stream[unurl][line_ending][/unurl][!][/!]Content-Disposition: attachment; filename="[theFileName]"[unurl][line_ending][line_ending][/unurl][!][/!][/ReturnRaw]> If secured content is a strong requirement (packet> sniffers, reverse hacking of swf)...you can even engineer a simple> encryption key code for the final call that OSWF makes ...no one can > see> this link usually, not even in cache because OSWF submits it not the> browser. Oh yes, you can even encrypt the OSWF to protect reverse > hacking.>> Anyway ...you will get what you want. Remember, folks can bookmark > your page> link or OSWF directly, but only the page link will > work ...bookmarked or> stored OSWF will fail since without an ID or even an expired ID that > was> stored and deleted, it will fail.>> Hope that helps point you in the right direction.>> Cheers Terry Nair-Govinda Govinda

DOWNLOAD WEBDNA NOW!

Re: [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser?

2009

Top Articles:

Related Readings: