How do I bind SWF files to a host?

Posted on 2024-12-26 14:33:35

I'm working on a major Flash project that is going to be the core content of a site.

As most of you well know, almost any site can be entirely copied by copying the cached files and the hierarchy (files and folders structure), and it would run without problems on an Apache server with PHP enabled, if used.

What I would like to know is: How to bind SWF files to run on a specific host?

The SWFs will be encrypted, so outsiders won't have access to the methods used to stop the SWF from running on a different host, question is: what method to use?

I think the solution could be hardcoding the host IP inside the SWF, so if the SWF is looking for 123.123.123.123, only a host with that IP would allow the SWF to run further.

The issue is that AS3 alone can't discover the host IP or could it if it's trying to load a resource file? Anyway, that's why I need your help.

EDIT: Ok, seems someone asked for something similar earlier: Can you secure your swf so it checks if it is running on a recognized environment?
I'll try that and see how it works, but the question is still open in case anyone has different suggestions.


Comments (5)

指尖上的星空 2025-01-02 14:33:35

I use this method to determine if I am on dev or production in my config files.

var lc:LocalConnection = new LocalConnection();
switch (lc.domain) {
  case "myDomain.com":
  case "":                 // local file reference for dev
  case "localhost":        // local file reference for dev
  case "dev.mydomain.com": // dev host
    break;
  default:
    // unknown domain: crash the app here
}

回忆那么伤 2025-01-02 14:33:35

One method you could try is a php script that the swf sends a request to and must receive a correct reply from before it continues to operate. Since people can't get at your server-side php, they can't get the needed code to simulate that reply.

蓬勃野心 2025-01-02 14:33:35

"The SWFs will be encrypted, so outsiders won't have access to the methods used to stop the SWF from running on a different host"

Since the file will run on a client computer (and thus the key would have to be stored in an accessible way), this isn't really that much of a protection.

The best way would probably be to have part of the SWF-logic on the server, and not give access to that part from third party hosts (by using the crossdomain file).

心清如水 2025-01-02 14:33:35

Look into the idea of wrapping main inside a type of preloader, and putting main into a secure dir on the server. I can't remember how this gets around the cache problem, but it had to do with how the wrapper loads main.

Something like this:

// preloader.as (embedded in fla)
var imageLoader:Loader;

// Returns a random integer between low and high (inclusive).
function randomNumber(low:Number=NaN, high:Number=NaN):Number
{
  if(isNaN(low))
  {
    throw new Error("low must be defined");
  }
  if(isNaN(high))
  {
    throw new Error("high must be defined");
  }

  return Math.round(Math.random() * (high - low)) + low;
}

function loadImage(url:String):void {
  imageArea.visible = false;
  preloader.visible = true;
  // Set properties on my Loader object
  imageLoader = new Loader();
  imageLoader.load(new URLRequest(url));
  imageLoader.contentLoaderInfo.addEventListener(ProgressEvent.PROGRESS, imageLoading);
  imageLoader.contentLoaderInfo.addEventListener(Event.COMPLETE, imageLoaded);
  imageArea.addChild(imageLoader);
}

// DOIT!
loadImage("main.sw?"+randomNumber(1000,10000)); //NOT A TYPO!
//loadImage("main.swf"+randomNumber(1000,10000));

function imageLoaded(e:Event):void {
  // Hide Preloader
  preloader.visible = false;
}

function imageLoading(e:ProgressEvent):void {
  // Get current download progress
  var loaded:Number = e.bytesLoaded / e.bytesTotal;
  // Send progress info to "preloader" movie clip
  preloader.SetProgress(loaded);
}

/// this is main.sw  //NOT A TYPO
<?php
// Tried this - abandoned
// session_start();
//
// if(isset($_SESSION["flash"])) {
//   $referrer = $_SERVER["HTTP_REFERER"];
//   $referrer = parse_url($referrer);
//   if($referrer["host"] != $_SESSION["flash"]) {
//     echo "Permission denied.";
//     exit();
//   }
// } else {
//   echo "Permission denied.";
//   exit();
// }
//
// unset($_SESSION["flash"]);

header("Content-type: application/x-shockwave-flash");
readfile("/secure/main.swf");
?>

// main.as
public function onCreationComplete(event:Event):void{
  // "*" lets SWFs served from any domain script this SWF
  Security.allowDomain( "*" );
  Security.loadPolicyFile( "crossdomain.xml" );
}

// crossdomain.xml
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <!-- domain="*" grants Flash content from every domain access to this server's data -->
  <allow-access-from domain="*" />
</cross-domain-policy>

That should get you started. The idea here was to prevent anyone from getting main on their machine; I am not sure if it worked.

输什么也不输骨气 2025-01-02 14:33:35

You may have a server-side page generate a key using a date-based algorithm which is passed via flash var to your swf. This way a "copied" key won't work because by that time, the valid date will have passed. From what I understand, this would essentially be like using an RSA token.

Aside from this, any security you have will also need code to be inside your SWF to validate your token. The problem here is that SWFs are known to decompile quite easily. Meaning that your code isn't safe :( You could obfuscate your AS3 in hopes to confuse any "hackers".

All in all, I've never attempted anything like this, so let us know how it goes!
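
The date-based key from this answer, combined with the server-side check from the earlier PHP-script answer, as an added example (not code from any of the answers): the page that embeds the SWF issues a short-lived HMAC token as a flashvar, and the server script that hands out the protected part verifies it, so neither the secret nor the validation logic ships inside the SWF. `SECRET`, `WINDOW`, the function names and the sample timestamp are assumptions made for illustration.

```php
<?php
// Added example. SECRET and WINDOW are constructed placeholders.
const SECRET = 'replace-with-a-random-server-side-secret'; // stays on the server
const WINDOW = 300; // length of one validity slot, in seconds

// Called by the page that embeds the SWF; the result goes into a flashvar.
// Token format: "<slot>.<hex HMAC-SHA256 of slot>".
function issueToken(int $now): string
{
    $slot = intdiv($now, WINDOW);
    return $slot . '.' . hash_hmac('sha256', (string) $slot, SECRET);
}

// Called by the script that serves the protected part (main.sw in the
// preloader answer) before it sends anything back to the SWF.
function verifyToken(string $token, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed token
    }
    $slot    = (int) $parts[0];
    $current = intdiv($now, WINDOW);
    // Accept the current and the previous slot, so a token issued just
    // before a slot boundary still works; reject older or future slots.
    if ($slot > $current || $slot < $current - 1) {
        return false;
    }
    $expected = hash_hmac('sha256', (string) $slot, SECRET);
    return hash_equals($expected, $parts[1]); // constant-time comparison
}

// Constructed demonstration: one token checked under four conditions.
$t0    = 1700000000;
$token = issueToken($t0);
$cases = [
    'fresh token'            => verifyToken($token, $t0 + 60),
    'token from cached page' => verifyToken($token, $t0 + 3600),
    'tampered MAC'           => verifyToken($token . '0', $t0 + 60),
    'forged future slot'     => verifyToken('9999999999.abc', $t0 + 60),
];
foreach ($cases as $label => $accepted) {
    echo str_pad($label, 24), $accepted ? 'accepted' : 'rejected', PHP_EOL;
}
```

A token copied along with the cached page stops verifying once its slot has passed, and a mirror cannot mint new ones without `SECRET`.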
