-
1. Re: Prevent opening the swf without html wrapper
sinious Jan 24, 2013 8:11 AM (in response to eprevot123)Try checking this.loaderInfo.loaderURL and see if the SWF is the file loaded, if so perform a navigateToURL() to a different location.
Speaking of ExternalInterface, you can even use it to get the URL via JS as well because it's enabled:
import flash.external.ExternalInterface;
var pageURL:String = ExternalInterface.call('window.location.href.toString');
-
2. Re: Prevent opening the swf without html wrapper
moccamaximum Jan 24, 2013 8:28 AM (in response to eprevot123)If you are trying to prevent that somebody is downloading your swf, there is no way to do that.
Modern decompilers directly read the swf out of the browser.
And hundreds of plugins like this.
.
-
3. Re: Prevent opening the swf without html wrapper
sinious Jan 24, 2013 8:35 AM (in response to moccamaximum)There is a protect SWF from import feature that can help protect the SWF but the OP never mentioned protection was important and the global rule in computing always applies. If someone REALLY wants to hack you and has skills, you are getting hacked, period.
-
4. Re: Prevent opening the swf without html wrapper
eprevot123 Jan 24, 2013 8:39 AM (in response to sinious)Well, here I just want to avoid people using directly the swf because then they would have ugly errors.
But if you can provide a link to an effective way of protecting SWF from import sinious, I would be happy to see it !
I can't use this.loaderInfo.loaderURL, it is the same when you open the swf or through the html.
But I will use ExternalInterface.call('window.location.href.toString')
I used something similar to check that the swf is not opened from another domain, I should have thought of that.
Thank you
-
5. Re: Prevent opening the swf without html wrapper
sinious Jan 24, 2013 8:50 AM (in response to eprevot123)You're welcome and unfortunately the rules I just mentioned apply. As much as you can do is check off "Protect from import" and assign a password in SWF export options. At least then your SWF cannot be imported into Flash without the password. Beyond that, if someone really wants to hack your SWF there's virtually no way to protect it (or anything else). Rest assured it is very difficult to do and unless you're saving tons of extremely sensitive information in the SWF, I wouldn't worry. Use at least AES encrypted strings everywhere you can if possible use secure methods like encrypted traffic to a database or protected region out of HTTP accessibility. Even then, not to beat a dead horse, if someone REALLY wants to hack you and is skilled, they probably will. Anticipate, protect as best you can and prepare to mitigate as always.
-
6. Re: Prevent opening the swf without html wrapper
eprevot123 Jan 24, 2013 9:05 AM (in response to sinious)I don't use Flash CS but only FlashBuilder, I don't think there is a "Protect from import" option.
The swf does not hold "extremely sensistive" information but I would just like to protect my work. We offer a paid service but if someone imports, decompiles, and modifies the swf, he may access the service free. There are additional protections on the server side, but as you said if somebody wants, he will. I just want to add the most protections I can.
-
7. Re: Prevent opening the swf without html wrapper
sinious Jan 24, 2013 11:06 AM (in response to eprevot123)Even protect from import isn't safe from decompilation. Simple rule, never, EVER save sensitive information or media in a SWF. (I only use FB4.6/4.7 Premium myself as well).



