0 Replies Latest reply: Jul 15, 2009 8:30 AM by SirChuck RSS

    Help Secure your XML data - Solution-ish

    SirChuck Community Member

      Note: Possibly posting this in the wrong forum, Mods feel free to remove or correct.

       

      This should add a small amount of deterance to someone stealing your data by

      bypassing your flash .swf and just grabbing your xml file to parse themselves.

       

      File name and variable names of course can be changed, simply keeping

      with the example I'll keep them all what they should be for this

      example to actually work.

       

       

      ** Description: This will let your change your secretValue for your

      secretVariable on your flash program and not give you any downtime

      when you upload your flash file with the new secretValue.

       

      Just remember to change the values stored in your php file after

      you uplaod your flash doc with the new secretValue. As people can

      see the value you send to get your xml file it's not safe for long, if you

      use this idea you'll have to keep up with changing your secretValue to

      make it less desirable for pirates to get your info. In essance this solution

      is designed to bring the end users of the data into the fold helping you decide

      which ip's to potentially block or whatever action you see fit.

       

      $current_check_value - should always be what your password for the live

      flash doc is.

      $when_updateFlash_check_value - should always be what your next password

      will be next time you upload your flash doc.

       

      Hope you like it.

       

       

      By: Chuck Mongillo

       

       

       

      // PHP File: The XML responder - sends out the xml data

      <?PHP
      /*
      File Name: MyXMLfile.php and it would be held in
      Path: http://www.MyServer.com/MyPath/
      */
      
      // If your server requires you to specify your incoming variables
      // Uncomment this next line.
      
      // $secretVar = $_GET['secretVar'];
      
      // Tell your PHP file which passwords it will accept for right now
      // and the password it will accept after you update your flash .swf
      // so there is no downtime for your real project. Downside - your
      // always allowing 2 possible ways in, ie: 2 passwords. 
      
      $current_check_value = "PiratesAreBad";
      $when_updateFlash_check_value = "AreUaPirate";
      
      if(($current_check_value != $secretVar)&&($when_updateFlash_check_value != $secretVar)){
           // My current .swf secretValue and my updated .swf secretValue failed
           // Give the pirate a slap
      
           echo("
           <?xml version=\"1.0\" encoding=\"utf-8\"?>
           <myRoot>
                <myXMLValues>
                     <happyData>This data was stolen from MyServer.Com</happyData>
                     <happyData>Please report it. Bad Pirate No Donut!!</happyData>
                </myXMLValues>
           </myRoot>
           ");
      
           // Stop further execution of this file
           exit;
      
      } // End bad password check
      else{
           // Yay, its (seems to be) my .swf calling the program
           // Give the proper data
      
           echo("
           <?xml version=\"1.0\" encoding=\"utf-8\"?>
           <myRoot>
                <myXMLValues>
                     <happyData>Tomorrows Winning Lotto Number is:</happyData>
                     <happyData>1 - 2 - 3 - 4 - 5 - 6</happyData>
                </myXMLValues>
           </myRoot>
           ");
      
      } // End good passsword check
      ?>
      
      

       

      // Flash AS3 code: The data request

       

      // In your flash document you should have something like this to pull your xml file:
      
      // Set a string to hold your xml path and secret value to check against
      secretValue:String = "PiratesAreBad";
      myXMLurl:String = "http://www.MyServer.com/MyPath/MyXMLfile.php?secretVar=" + secretValue;
      
      // Set xml and loader variables
      var MyXMLloader:URLLoader = new URLLoader();
      var MyXMLData:XML;
      
      // Get your XML
      MyXMLloader.load(new URLRequest(myXMLurl));
      MyXMLloader.addEventListener(Event.COMPLETE, gotMyXMLData);
      
      function gotMyXMLData(e:Event):void
      {
           MyXMLData = new XML(e.target.data);
           MyXMLloader.removeEventListener(Event.COMPLETE, gotMyXMLData);
           // Still not sure why removing a listener requires a call to a function.
           // Expecially why people use it in the same funciton it sits in.
           // But, now you have your xml data.
      }
       
      
      

       

       

           If you have other ideas or want to expand on this one feel free, thanks.