Help Secure your XML data - Solution-ish
SirChuck Jul 15, 2009 8:30 AMNote: Possibly posting this in the wrong forum, Mods feel free to remove or correct.
This should add a small amount of deterance to someone stealing your data by
bypassing your flash .swf and just grabbing your xml file to parse themselves.
File name and variable names of course can be changed, simply keeping
with the example I'll keep them all what they should be for this
example to actually work.
** Description: This will let your change your secretValue for your
secretVariable on your flash program and not give you any downtime
when you upload your flash file with the new secretValue.
Just remember to change the values stored in your php file after
you uplaod your flash doc with the new secretValue. As people can
see the value you send to get your xml file it's not safe for long, if you
use this idea you'll have to keep up with changing your secretValue to
make it less desirable for pirates to get your info. In essance this solution
is designed to bring the end users of the data into the fold helping you decide
which ip's to potentially block or whatever action you see fit.
$current_check_value - should always be what your password for the live
flash doc is.
$when_updateFlash_check_value - should always be what your next password
will be next time you upload your flash doc.
Hope you like it.
By: Chuck Mongillo
// PHP File: The XML responder - sends out the xml data
<?PHP /* File Name: MyXMLfile.php and it would be held in Path: http://www.MyServer.com/MyPath/ */ // If your server requires you to specify your incoming variables // Uncomment this next line. // $secretVar = $_GET['secretVar']; // Tell your PHP file which passwords it will accept for right now // and the password it will accept after you update your flash .swf // so there is no downtime for your real project. Downside - your // always allowing 2 possible ways in, ie: 2 passwords. $current_check_value = "PiratesAreBad"; $when_updateFlash_check_value = "AreUaPirate"; if(($current_check_value != $secretVar)&&($when_updateFlash_check_value != $secretVar)){ // My current .swf secretValue and my updated .swf secretValue failed // Give the pirate a slap echo(" <?xml version=\"1.0\" encoding=\"utf-8\"?> <myRoot> <myXMLValues> <happyData>This data was stolen from MyServer.Com</happyData> <happyData>Please report it. Bad Pirate No Donut!!</happyData> </myXMLValues> </myRoot> "); // Stop further execution of this file exit; } // End bad password check else{ // Yay, its (seems to be) my .swf calling the program // Give the proper data echo(" <?xml version=\"1.0\" encoding=\"utf-8\"?> <myRoot> <myXMLValues> <happyData>Tomorrows Winning Lotto Number is:</happyData> <happyData>1 - 2 - 3 - 4 - 5 - 6</happyData> </myXMLValues> </myRoot> "); } // End good passsword check ?>
// Flash AS3 code: The data request
// In your flash document you should have something like this to pull your xml file: // Set a string to hold your xml path and secret value to check against secretValue:String = "PiratesAreBad"; myXMLurl:String = "http://www.MyServer.com/MyPath/MyXMLfile.php?secretVar=" + secretValue; // Set xml and loader variables var MyXMLloader:URLLoader = new URLLoader(); var MyXMLData:XML; // Get your XML MyXMLloader.load(new URLRequest(myXMLurl)); MyXMLloader.addEventListener(Event.COMPLETE, gotMyXMLData); function gotMyXMLData(e:Event):void { MyXMLData = new XML(e.target.data); MyXMLloader.removeEventListener(Event.COMPLETE, gotMyXMLData); // Still not sure why removing a listener requires a call to a function. // Expecially why people use it in the same funciton it sits in. // But, now you have your xml data. }
If you have other ideas or want to expand on this one feel free, thanks.
