I have a Flash app that makes periodic calls (using URLRequest and URLLoader) to the same server that hosts it, to check if the current session has expired or not.The problem with this is a man in the middle can spoof a valid response.Is there a generally accepted way to validate a response?Would using 'https' in URLRequest(url) invoke https protocol, would that be sufficient? I'm not a security expert, but would that check if the site is who they say they are, just like the browser?
I have Flash Media Streaming Server 3.5 (not Interactive) running on RHEL5.5 x86_64 Linux.All is working well, however how do I prevent unauthorized access to connecting to the live stream and streaming content?How can I setup the server to require a user and password to stream live media to the server?I am new to this product and I have been reading some documentation but I have not found a clear cut answer on how to force a username and password to connect to the server to stream live content only.I am using the Adobe FMS Apache install, what files need changing?[code]I want to lock down a person from connecting to the server on the public internet and starting a live stream?Can this be done with a user name and password?
We are planning a desktop client application with Adobe AIR. The client app will be delivered to our customers with a database, which contains monthly updated marketing data provided by our company. As different customers will buy different sets of data from us, for example, a customer is only interested in marketing data in a specific product category, while another customer need all data in a certain region. After a customer installs this client app, new data will be emailed to the customer every month.
So, the requirement is to keep the data accessible only by the customer who bought it. After reading through AIR's secure local store and database encryption feature, I came up with the following design: each customer will have his own secret key (stored in AIR's secure local store), the secret key is used to encrypt the data that the customer has purchased. Of course, the monthly data that we sent to the customer will be encrypted using the same secret key. So my questions are: is AIR's database encryption and secure local store secure enough for this use case? If someone gets the encrypted database file, can he decrypt the DB?
I got a IP Communications new account having following paramters:
[Code]...
Its showing me connecting ... Status is not getting update like: "Connection Failed" or "Connection Success". how to use the above information in this app,
how to make secure SWF files, so that decompilers like sothink won't be able to decompile these swf files at all. i have been assigned some research work to find out the stuff to make swf files highly secured
I'm building a flash-game-site for a while. The big trouble is Secure Score Submitting System .I search on the net and find some ineffective techniques:
-Secret word method: there is an secret word (crypto pass) on the server and flash gets it from server and uses for crypting score data then sends it to server. But the algoritm that does the crypto job, can be accesible with a swf decompiler. Also getting the secret word from server outside of flash is simple. Not safe!
-HTTP_REFERER method: php (or what else) check HTTP_REFERER data to determine where the post coming from. But with a simply firefox extensions, the referer header can be changed. Not safe!
That is my own idea but can only make cracking harder, not more:
-We can get flash vars with js (:swliveconnect) and send to server. Flash just make a fake submit that makes no effect. Just a trick. But not safe
1) I'm trying to create a Flash Login Form but I guess its working with ASP or PHP. Can I make Flash to check usernames from any local mdb? As long as project doesn't require internet connection, excel or sqlite will be enough for me.
2) This question is related to first question. If I cant use a mdb file it seems I'll need to embed all those 5.000 users in flash project, am I correct? Also projects SWF file is 50mb. It will work from CD source, would that cause any problem? I've made it all in one SWF file for security
Im trying to make connection from flex to java and from java to mysql. I managed to connect to java, but having error that class not found: com.mysql.jdbc.Driver. But i downloaded mysql.jar, included it added to library, and connection works when i testing it from clipse scrapbook. Dont know what to do, i spend last couple days on this.
Basically the solution was simple. Everybody keeps saying to put jar into lib folder, so i done it, but i wasnt realised that i have to put into my servers lib directory, not app lib directory and this miserable mistake cost so much. Anyway i hope this will help for some newbie like me.In this particular situation im using red5, so i putted it into my red5 dist/lib directory and "surprisingly" its started to work.
I need to transfer data from a flash application running in a browser to a server running php. If I use an https connection will that be enough to ensure that the data sent from flash to the server is encrypted and sensitive data can't be sniffed, or do I need to do encryption in my flash application itself?
Does anyone know a 100% secure way to transfer a variable from Flash to PHP. I have a SSL on my site, but I've been told that using the loadvars cmd is about as unsecure as you can get, even if your page is secure.One of the suggestions was Flash Remoting, can anyone confirm that this is a safe way to send a secure variable?
I know there are a lot of topics already on this. I have read (hundreds of) them and I'd still like your input.
If I have a flash UI that takes user input and passes it to PHP; is this secure? I have read that, yes, this is okay. I have also read that no, you need to encrypt the data, by say hashing it before sending to PHP. OK, easy, I do this already but.....
In my case I have the data/password stored (when the user inputs it, not in the swf of course) and sent every time I want to access any PHP (using AMFPHP). The PHP check this password each time and only runs if it gets the correct password. So in this case if I hash the password, it makes no difference, it just changes what the password is rather than providing any actual security (well maybe minimal because it's less recognizable).
So can someone extract a password that is sent from flash to PHP?
I have been trying to promote a new web site written entirely in full browser flash. Nobody at all was comfortable with the idea of checking out inside of flash (even though its just as secure). So I went to the only method I could think of which is a getUrl into a new window with my https checkout page. Well, I guess with popup blockers and such... this is proving to be a disaster. I am losing most of my customers after two or three attempts to checkout according to my logs. They either cant figure out how to allow the popup or it spits them out and they lose the order.
Okay so im pretty frustrated. Then I start thinking about how I am calling facebooks java api from within flash to popup requests in front of my flash movie. Maybe there is some method like this? Something I can do via external interface? I really have to get this figured out as soon as possible. I am very curious to see what people here have done about this issue.
Alright so I'm making a website for my friends band, and they want to have a music player to play their MP3's. One of the things I'm concerned about though, is the security of the MP3 files. Their albums are on iTunes to buy, so I'm looking for what the best option to have the MP3s be played but not be able to be downloaded and saved.The best thing I can think of is embedding the MP3's inside a Flash music player, but that would be more work than it's worth it seems.
In flash, is it possible to have your application check that the environment it is running on is "recognized". If so, how do you go about doing it? I want to put my swf on my website and prevent people using it on their site.
I have some videos that I don't want to let the realplayer be able to have downloaded with their program. Is there any actionscript or technique to block the download process, and just keep streaming the videos in the application?
I'm trying to build a secure login area on a Flash-AS3 website. I've managed to create the login form and pass data to a PHP script which checks them.
1) I know that in PHP I can echo some infos that can be get from AS3. In this case I suppose to echo something like "success" or "failed" to give an answer to the login attempt. Is this way of communication secure? Can anybody sniff this content and force AS3 to behave like if login was successful?
2) Suppose that PHP-AS3 communication has been secured. What should I do now? May I simply show admin pages hidden before? Is it the correct way? Is it secure?
I am wondering if it is possible to embed a YouTube video on a https website. As far as I can tell YouTube videos can only be embedded with the http:// protocol. Is there a way to embed them on a page without Firefox throwing an error?
I'm creating a flash application that will post images to a url for saving to disk/display later. I was wondering what are some suggested strategies for making this secure enough so that the upload is verified as coming from the application and not just some random form post. Is it reliable enough to check referring location realizing that I don't need bulletproof security, or perhaps setting authentication headers is a better strategy even though it seems unreliable from what I have read. The application and the server script will reside on the same domain and is in java - is there a way to check for a 'session' or something like that?
Another thought I had was some sort of simple hashed key type system, I could hard-code a key into the flash application and pass something to the server based on that - the server would also know this key and be able to verify if the value passed was based on that? The app is a public app, so authenticating users is not an option. After more research I am thinking about using a hard coded salt key on both ends, then sending an MD5 hash of the base64 encoded image bytearray+salt to be matched on the server side.
I'm working on a site which allows people to pay to stream videos online. I'm currently using JW Player to stream FLV/F4V files from Amazon S3, using a signature.This method is extremely unstable, and needless to say, useless. I've heard I can use Amazon CloudFront as a CDN for my videos. But that it won't make the files any more secure, if I've understood it correctly.Price is an important thing. I know hosting/streaming video is expensive, but what are my best options, for a cheap, reliable, and as-safe-you-can solution for me? I have very little hosting experience,
I'm trying to build a secure login area on a Flash-AS3 website. I've managed to create the login form and pass data to a PHP script which checks them. Now I've got some questions.
1) I know that in PHP I can echo some infos that can be get from AS3. In this case I suppose to echo something like "success" or "failed" to give an answer to the login attempt. Is this way of communication secure? Can anybody sniff this content and force AS3 to behave like if login was successful?
2) Suppose that PHP-AS3 communication has been secured. What should I do now? May I simply show admin pages hidden before? Is it the correct way? Is it secure?
I would like to create a secure login section for a website. I have managed to build up an AS3-PHP communication where PHP checks user credentials. I am already providing data enchryption between AS3 and PHP but I would like to add some further security. Is it possible to implement a HTTPS login section?
I would like to create a multiplayer online game (tic-tac-toe/chess) and i am not sure which language to use. I am familiar with JS/PHP and heard about comet Does comet stand a chance against Flash, if yes whats the limitations except the lack of smooth animations like flash allows? What are the differences regarding resources and memory needed? SECURITY: Is it possible to create Flash-games without any chance to modify (flash-)cookies etc... for cheating? i know lot of questions, i do hope for your recommendations into the reight direction.
Is flash (actionscript 2.0) secure enough to use for a website that holds personal info, password, restricted areas, ect. How can I make it secure enough if it's possible.
I have inherited a custom application on Flash Media Interactive Server 3.0 that broadcasts audio in real time. The custom app is written using Adobe Flash Professional 8 and actionscript 2.0.
A little background of how the custom app works When a user connects to the media server to join a stream, our custom application calls out to a seperate application server (that is not Flash) to determine if the user is allowed to connect to a broadcast stream and which stream they should join. We use Xml.sendAndLoad() to do this. The application server we call sends back Xml to the custom App on the Flash Media Server.
I have to make connection to the DB and Insert a row based on the data that the SWF sent me...I will need to make it so that the SWF->PHP part is secure by not letting users tamper with data.I don't want to use SSL because its not a suitable solution... what other method is available?
I have an SWF that communicates with a PHP file and ultimately the DB. The PHP checks whether the User has the appropriate Password etc. and if it is accepted, the actions the person performed on the SWF (game) are used to compete with other Players of the game.
send altered data or actions that are illegal in the game with their submition? To clarify: If a character in the game can only move 1 square at a time, can an evil evil hacker/decompiler (who is a Player in the game) tell the SWF to tell the PHP file that his/her character moves 3 squares at a time?
I'm just want a sense that things will be somewhat secure. There isn't any sensitive information in the SWF besides the location of the PHP file on the net.
We have a swf file that we want to secure and make available only to authorized users.
I embedded the file in an aspx page and that works fine, since ASP.NET handles the aspx page, I can use ASP.NET authorization features and in the web.config restrict the access to roles="AllowedUsers" for example.
However smart users could still get to the file by accessing directly for example www.mysite/flash.swf. We want to make that kind of access secure.
