[WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser?

This WebDNA talk-list message is from

2009

It keeps the original formatting. numero = 103474
interpreted = N
texte = Hi Govinda,Your Question ....." It sounds like you are saying one can make a SWF that is very small in file size and *does* require dependencies (other SWF files). Is this right?"Answer ....Yes it can be done. However, in this case, no dependencyrequired. See 'loadMovie()' ActionScript which basically allows you to callanother external swf (your original video file) into itself to control. YourOSWF handles that bit. No need to modify your clients swf file, you justneed to create a OSWF that act a shell or front man so to speak.Your Question...... " it sounds like you are saying that if adept at flash,one can make it so that the flash file can talk to the server, .. cause some webdna to run that returns a db value, and then reacts accordingly? This apparently has to be done in the flash file itself (here the 'OSWF')... otherwise it is just a static SWF file. Right?"Answer..... Yes correct. See AS ' LoadVars()'. From your OSWF ...thisfunction acts like Triggers in WebDNA as in it sends a HTTP link request outwith all the variables (paired values) you ask it to send (here is where theFlashvar ID gets sent back) to a WebDNA page (simple one with just WebDNAcodes to run where at the end of the processing, the page simply respondwith paired value eg. varStatus=pass, fail or whatever and it can even sendback additional paired values for the OSWF to process or update itself.) Noneed for HTML codes on the webDNA page which makes programming so much funthis way. OSWF on getting a response ...the paired value or values, thenruns AS to decide if to loadMovie your content swf or whatever.Your Question...... " here you mean a webdna [append] context right?"Answer..... Yes.Your Question....... " Then I assume you are saying that one can make aflash file (the inner SWF file I am trying to protect) "intelligent" so that it will not play*unless called* by another outer SWF file?"Answer..... No. It is the OSWF that is intelligent. Your clients swf fileremains as is ...the dumb static file that gets loaded in OSWF if OSWFdetermines it is OK to load and run the content. See AS Preloader examplesand you will understand that concept better. It is very difficult, notimpossible to hack OSWF but certainly not easy for the casual user to seethe final link call to the original content because it requires specializedsoftware. Anyway, there are methods to protect against that as well. Note,OSWF is the way to go. See http://www.naxosmusiclibrary.com/home.asp andclick on Free Preview to see how they use this concept to protect mediacontent. Your Question..... " I mean, do you know that it is NOT possible to justchange the below code (Return Raw Stuff) somehow so that it plays in thebrowser instead of trying to save to disk? "Answer..... To the best of my knowledge, I believe you cannot get thateffect. When Return Raw is used, the browser cannot detect the MIME type ofthe file, hence it does not know which plug-in or action to use/do. That iswhy it prompts you. There is no way to tell the browser the MIME type of theembedded content within. It needs the suffix mapping...;-)Hope that helps ...Cheers TDnPS: By the way, if your client's swf is purely a static video or generalcontent file with no dependency links or call out, no one needs to hijackthe link. They can simply save the content to disk or even load it on theirown server to circulate the static content.-----Original Message-----From: Govinda [mailto:govinda.webdnatalk@gmail.com] Sent: Wednesday, August 26, 2009 21:52To: talk@webdna.usSubject: Re: [WebDNA] OT? - how to get webdna to tell browser to open SWFdirectly in the browser?Terry, I really appreciate you offering such a thorough explanation of what you do. Now I want to see if I can better understand a few places where I was foggy:> [snip]> ...To solve the swf hijacking issue you raised, what we would do is > to nest> your swf video file inside another swf file (outer swf file - OSWF).I have made/edited flash files with MX 2004 (macromedia), but I only learned just enough to finish a job I had... just using them as a static movie format really. I am not sure what it means to embed one flash file inside another. I know how to make SWF files which are made from other movies, but they are self-contained.. requiring no dependencies. It sounds like you are saying one can make a SWF that is very small in file size and *does* require dependencies (other SWF files). Is this right? (more below..)> The> OSWF is what the surfer sees and is what the hijacker will stick or > point> directly to. Your OSWF will call on the true video swf file to load > and play> only if it passes a check that it will perform ....if not, it blocks > the> content from playing, throws up a warning message or even redirects > the> end-user to the actual site that has the original work ...all > depends on> what you want it to do.>> So, what is this check that the OSWF does? Well, on your web page > that has> the OSWF file ...that page will be a WebDNA tagged page that > provides a> [cart] value as an id marker when the page is called. The id marker, > being a> cart value is unique throughout its life time, is also passed to the > OSWF as> a Flashvar.Here again my newness to flash creates doubts about my understanding.. Well I just googled it and got a start in understanding what is a 'Flashvar', but I was not clear on one thing.. it sounds like you are saying that if adept at flash, one can make it so that the flash file can talk to the server, .. cause some webdna to run that returns a db value, and then reacts accordingly? This apparently has to be done in the flash file itself (here the 'OSWF')... otherwise it is just a static SWF file. Right?> An Append linkhere you mean a webdna [append] context right?(more below..)> is also included on the same page to record that> ID generated on your server DB. All this is done when the page is > called or> requested ...so it is in play even before the OSWF starts to run.>> After the page loads in the browser of the end-user, the > OSWF ...when it> fully loads will then do a call out (using the Flashvar) to the server> asking for the same ID from the database that stored it upon page > download /> request. If it exists, the server respond back to the OSWF and it > allows> the video to download and play, deleting the ID from the database. > If the ID> call back fails, the server informs OSWF, deletes ID in Db where > OSWF does> what you want it to do to protect the content.>> Note, no need to clean up cart values stored in DB because it is > cleared> upon callback. No need for heavy loads on your media servers from > hijackers> stealing content because it is only called when OSWF calls it not > the user> or their browser.Then I assume you are saying that one can make a flash file (the inner SWF file I am trying to protect) "intelligent" so that it will not play *unless called* by another outer SWF file? Otherwise my first thought was, "well, what if the hacker manages to guess the exact name/ address of the inner SWF who we are calling with the OSWF? ...then he could play it by hitting it directly with his browser.".My webdna skills are all up to speed, I am just trying to piece together missing pieces in my understanding (apparently all flash issues) so i can visualize what you are doing, and know where I would have to study to replicate your solution.And meanwhile I am still wondering if there is not a way I can protect my client's (pre-existing) SWF files without having to re-create them all to use flashvars and make calls to server and to inner SWF's. (Client already spent his budget on those SWF files.) I mean, do you know that it is NOT possible to just change the below code somehow so that it plays in the browser instead of trying to save to disk? If I could do it this way then I am all set, since I already have running a working webdna protection scheme.In any case, I really appreciate your having taken your time to write to me with your help![text]theFullPathtoFile=^path/to/your/file/in/globals/theFile.swf[/text][text]theFileName=theFile.swf[/text][text]line_ending=%0D%0A[/text][ReturnRaw binarybody=[theFullPathtoFile]][!][/!]HTTP/1.0 200 OK[unurl][line_ending][/unurl][!][/!]Status: 200[unurl][line_ending][/unurl][!][/!]Content-Type: application/octet-stream[unurl][line_ending][/unurl][!][/!]Content-Disposition: attachment; filename="[theFileName]"[unurl][line_ending][line_ending][/unurl][!][/!][/ReturnRaw]> If secured content is a strong requirement (packet> sniffers, reverse hacking of swf)...you can even engineer a simple> encryption key code for the final call that OSWF makes ...no one can > see> this link usually, not even in cache because OSWF submits it not the> browser. Oh yes, you can even encrypt the OSWF to protect reverse > hacking.>> Anyway ...you will get what you want. Remember, folks can bookmark > your page> link or OSWF directly, but only the page link will > work ...bookmarked or> stored OSWF will fail since without an ID or even an expired ID that > was> stored and deleted, it will fail.>> Hope that helps point you in the right direction.>> Cheers Terry Nair-Govinda---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing list .To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.usold archives: http://dev.webdna.us/TalkListArchive/Bug Reporting: http://forum.webdna.us/eucabb.html?page=topics&category=288 Associated Messages, from the most recent to the oldest:

Re: [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (Govinda 2009)
[WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? ("Terry Nair" 2009)
Re: [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (Govinda 2009)
Re: [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (Govinda 2009)
Re: [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (Patrick McCormick 2009)
Re: [WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (Govinda 2009)
[WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? ("Terry Nair" 2009)
[WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser? (Govinda 2009)

Hi Govinda,Your Question ....." It sounds like you are saying one can make a SWF that is very small in file size and *does* require dependencies (other SWF files). Is this right?"Answer ....Yes it can be done. However, in this case, no dependencyrequired. See 'loadMovie()' ActionScript which basically allows you to callanother external swf (your original video file) into itself to control. YourOSWF handles that bit. No need to modify your clients swf file, you justneed to create a OSWF that act a shell or front man so to speak.Your Question...... " it sounds like you are saying that if adept at flash,one can make it so that the flash file can talk to the server, .. cause some webdna to run that returns a db value, and then reacts accordingly? This apparently has to be done in the flash file itself (here the 'OSWF')... otherwise it is just a static SWF file. Right?"Answer..... Yes correct. See AS ' LoadVars()'. From your OSWF ...thisfunction acts like triggers in WebDNA as in it sends a HTTP link request outwith all the variables (paired values) you ask it to send (here is where theFlashvar ID gets sent back) to a WebDNA page (simple one with just WebDNAcodes to run where at the end of the processing, the page simply respondwith paired value eg. varStatus=pass, fail or whatever and it can even sendback additional paired values for the OSWF to process or update itself.) Noneed for HTML codes on the webDNA page which makes programming so much funthis way. OSWF on getting a response ...the paired value or values, thenruns AS to decide if to loadMovie your content swf or whatever.Your Question...... " here you mean a webdna [append] context right?"Answer..... Yes.Your Question....... " Then I assume you are saying that one can make aflash file (the inner SWF file I am trying to protect) "intelligent" so that it will not play*unless called* by another outer SWF file?"Answer..... No. It is the OSWF that is intelligent. Your clients swf fileremains as is ...the dumb static file that gets loaded in OSWF if OSWFdetermines it is OK to load and run the content. See AS Preloader examplesand you will understand that concept better. It is very difficult, notimpossible to hack OSWF but certainly not easy for the casual user to seethe final link call to the original content because it requires specializedsoftware. Anyway, there are methods to protect against that as well. Note,OSWF is the way to go. See http://www.naxosmusiclibrary.com/home.asp andclick on Free Preview to see how they use this concept to protect mediacontent. Your Question..... " I mean, do you know that it is NOT possible to justchange the below code (Return Raw Stuff) somehow so that it plays in thebrowser instead of trying to save to disk? "Answer..... To the best of my knowledge, I believe you cannot get thateffect. When Return Raw is used, the browser cannot detect the MIME type ofthe file, hence it does not know which plug-in or action to use/do. That iswhy it prompts you. There is no way to tell the browser the MIME type of theembedded content within. It needs the suffix mapping...;-)Hope that helps ...Cheers TDnPS: By the way, if your client's swf is purely a static video or generalcontent file with no dependency links or call out, no one needs to hijackthe link. They can simply save the content to disk or even load it on theirown server to circulate the static content.-----Original Message-----From: Govinda [mailto:govinda.webdnatalk@gmail.com] Sent: Wednesday, August 26, 2009 21:52To: talk@webdna.usSubject: Re: [WebDNA] OT? - how to get webdna to tell browser to open SWFdirectly in the browser?Terry, I really appreciate you offering such a thorough explanation of what you do. Now I want to see if I can better understand a few places where I was foggy:> [snip]> ...To solve the swf hijacking issue you raised, what we would do is > to nest> your swf video file inside another swf file (outer swf file - OSWF).I have made/edited flash files with MX 2004 (macromedia), but I only learned just enough to finish a job I had... just using them as a static movie format really. I am not sure what it means to embed one flash file inside another. I know how to make SWF files which are made from other movies, but they are self-contained.. requiring no dependencies. It sounds like you are saying one can make a SWF that is very small in file size and *does* require dependencies (other SWF files). Is this right? (more below..)> The> OSWF is what the surfer sees and is what the hijacker will stick or > point> directly to. Your OSWF will call on the true video swf file to load > and play> only if it passes a check that it will perform ....if not, it blocks > the> content from playing, throws up a warning message or even redirects > the> end-user to the actual site that has the original work ...all > depends on> what you want it to do.>> So, what is this check that the OSWF does? Well, on your web page > that has> the OSWF file ...that page will be a WebDNA tagged page that > provides a> [cart] value as an id marker when the page is called. The id marker, > being a> cart value is unique throughout its life time, is also passed to the > OSWF as> a Flashvar.Here again my newness to flash creates doubts about my understanding.. Well I just googled it and got a start in understanding what is a 'Flashvar', but I was not clear on one thing.. it sounds like you are saying that if adept at flash, one can make it so that the flash file can talk to the server, .. cause some webdna to run that returns a db value, and then reacts accordingly? This apparently has to be done in the flash file itself (here the 'OSWF')... otherwise it is just a static SWF file. Right?> An Append linkhere you mean a webdna [append] context right?(more below..)> is also included on the same page to record that> ID generated on your server DB. All this is done when the page is > called or> requested ...so it is in play even before the OSWF starts to run.>> After the page loads in the browser of the end-user, the > OSWF ...when it> fully loads will then do a call out (using the Flashvar) to the server> asking for the same ID from the database that stored it upon page > download /> request. If it exists, the server respond back to the OSWF and it > allows> the video to download and play, deleting the ID from the database. > If the ID> call back fails, the server informs OSWF, deletes ID in Db where > OSWF does> what you want it to do to protect the content.>> Note, no need to clean up cart values stored in DB because it is > cleared> upon callback. No need for heavy loads on your media servers from > hijackers> stealing content because it is only called when OSWF calls it not > the user> or their browser.Then I assume you are saying that one can make a flash file (the inner SWF file I am trying to protect) "intelligent" so that it will not play *unless called* by another outer SWF file? Otherwise my first thought was, "well, what if the hacker manages to guess the exact name/ address of the inner SWF who we are calling with the OSWF? ...then he could play it by hitting it directly with his browser.".My webdna skills are all up to speed, I am just trying to piece together missing pieces in my understanding (apparently all flash issues) so i can visualize what you are doing, and know where I would have to study to replicate your solution.And meanwhile I am still wondering if there is not a way I can protect my client's (pre-existing) SWF files without having to re-create them all to use flashvars and make calls to server and to inner SWF's. (Client already spent his budget on those SWF files.) I mean, do you know that it is NOT possible to just change the below code somehow so that it plays in the browser instead of trying to save to disk? If I could do it this way then I am all set, since I already have running a working webdna protection scheme.In any case, I really appreciate your having taken your time to write to me with your help![text]theFullPathtoFile=^path/to/your/file/in/globals/theFile.swf[/text][text]theFileName=theFile.swf[/text][text]line_ending=%0D%0A[/text][ReturnRaw binarybody=[theFullPathtoFile]][!][/!]HTTP/1.0 200 OK[unurl][line_ending][/unurl][!][/!]Status: 200[unurl][line_ending][/unurl][!][/!]Content-Type: application/octet-stream[unurl][line_ending][/unurl][!][/!]Content-Disposition: attachment; filename="[theFileName]"[unurl][line_ending][line_ending][/unurl][!][/!][/ReturnRaw]> If secured content is a strong requirement (packet> sniffers, reverse hacking of swf)...you can even engineer a simple> encryption key code for the final call that OSWF makes ...no one can > see> this link usually, not even in cache because OSWF submits it not the> browser. Oh yes, you can even encrypt the OSWF to protect reverse > hacking.>> Anyway ...you will get what you want. Remember, folks can bookmark > your page> link or OSWF directly, but only the page link will > work ...bookmarked or> stored OSWF will fail since without an ID or even an expired ID that > was> stored and deleted, it will fail.>> Hope that helps point you in the right direction.>> Cheers Terry Nair-Govinda---------------------------------------------------------This message is sent to you because you are subscribed tothe mailing list .To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.usold archives: http://dev.webdna.us/TalkListArchive/Bug Reporting: http://forum.webdna.us/eucabb.html?page=topics&category=288 "Terry Nair"

DOWNLOAD WEBDNA NOW!

[WebDNA] OT? - how to get webdna to tell browser to open SWF directly in the browser?

2009

Top Articles:

Related Readings: