This content has been marked as final. Show 15 replies
no, it's not possible.
Thanks for the answer. But
is there a reason for it?
well, image if you could work out a way to do what you ask: to delete YOUR swf file from the user's cache. except not everyone may feel it's your swf.
it's on the user's computer (in a non-unique location) and the user may feel that's their swf and they probably feel it's their cache and they certainly feel it's their harddrive. it's not clear you have a right to mess with files on their harddrive that are in locations NOT unique to your swf.
further, if adobe added a feature to do just what you ask, they would have to put a lot of effort into making sure nothing else could be deleted from the user's harddrive by someone hacking their method. so, it's not a feature that you're likely to see added in the future.
Makes sense. Thanks. I didn't
realize all these complications.
this is a feature a lot of flash authors would like to see. and interestingly flash can create an object on a user's harddrive (the shared object) AND delete that object. but it's in a location unique to the download site (ie, you can't delete anyone elses shared object) and it's a proprietary file format.
On second thought, there seems another way of achieving
it. First, I'd load the external content, say, in tmp.jpg,
to my_movieclip. Then on the server side, an empty file
is copied to overwrite tmp.jpg.(One probably have to do
is loaded again, to another junk movieclip.
The tmp.jpg file now sitting in the internet temp files
directory does not have the real content. But my_movieclip
is showing the right picture.
Anyone tried this before?
when u load another tmp.jpg, it wont replace the 1st one, because temporary file stored in local machine actually saved as
tmp.jpg, tmp.jpg, tmp.jpg
Normally i use 2 tricks which are not really "working", for your reference:
1) Detect url, make the swf can play only under specific website/webpage, if run it from another website or from local pc, it wont run. You'll need some skill of server-side scripting.
2) Load an external text file (i call it as 'key') to get a data before swf can play. If 'key' not found, swf will play to a scene shows "error" or just blank.
Why i say it is not really working? Remember, people still can decompile the swf, modify it, remove the validation script, and... run
I played a bit more with this. The solution
looks trivial. If the contents are served from
a Microsoft IIS server, one can easily set the
http header so that no cache is stored anywhere,
not on the user's machine, not on the proxy and
not on the gateway.
That looks like pretty good protetcion. Or am
I missing something?
the no cache/pragma no cache was unreliable years ago and depended on the user's browser. with current browsers i doubt it works better.
Indeed, it does not work, if the swf
file is served in a browser. There is
a hidden Content.IE5 directory, in
which a lot of cache files are hidden,
although the internet temperory files
directory looks clean. What the heck
is Microsoft trying to do with such
a stupid hidden directory?
But when the swf is served as a standalone
application in a flash player, then at
least for the IE7/XP I am using, there
is no trace of the downloaded files.
Again, please let me know if I am missing
you probably are missing something. for the swf to be viewable by a user, it must be on their computer.
it's name and location may vary making it more or less difficult to find, but it's on their computer's harddrive. while viewing, if they search for and find it, they can copy it and there shouldn't be anything you can do to stop that.
Yes, you should try doing another method of user verification such as the ones suggested. Or others using calls via ExternalInterface to validate a user's right to play the SWF. At my company we have a validation PHP api that is called to verify that a user is allowed to play a file, and the API returns an XML file with appropriate information (the Flash file just requests XML from the PHP page). This has worked pretty well. You can't count on browsers to not cache....
Thanks for all your answers,
which have really helped me
to put things in perspective.
Let me make the situation more
explicit. I am going to use
an empty movieClip as a container.
All the Flash codes/graphics will be
loaded dynamically into this
container during run time from
a server, with user authentication.
There are two separate issues:
(1). Whether the client would
be able to access these external
contents on the server, after
cracking the container swf.
On the server side, there
are authentication routines,
so that a user must be verified
before he could load any external
contents. I can hide all related
scripts/functions on the server
side (via FMS or http server), so
that a user does not know what I
am doing. In fact, I could copy
to-be-loaded-contents into a scratch
directory just before loading,
and then the server side script
will delete these contents
after loading. So this
part should be as safe as my
authentication method, even if a
hacker has decompiled my swf.
(2). Whether the client
would be able to get hold of
the contents on his local
machines, since these
contents are loaded into
the container movieClip. This
part I am not sure. I thought
that if the files were not saved
on the disk as temp files and
if my connection was secured/
encrypted using https,
then it would be difficult for
a client to get hold of the
content swf files. But you guys
seem to be saying that a client can
still get it somehow.
loading a swf (or mp3 or image) into flash doesn't prevent that file from cached on the user's computer. it will still be cached. test it. there shouldn't be anything difficult about finding a loaded swf etc in your cache.
having an encrypted connection helps prevent non-users from "tapping" the connection between an authorized user and your server and helps prevent users from using a sniffer to tap the data being transmitted between the server and the swf.
I have run into the above
site, during one of my searches.
It provides a way to hide the
cache file. In mc.loadMovie(fnm),
fnm is not an SWF file, but
an ASP or PHP script that downloads
the actual SWF file. In this way,
http headings could be set explicitly
in the ASP or PHP script.
I tried it on my notebook, and
no SWF was cached (XP/IE7). I then
tried it on my desktop, which was
again XP/IE7, and also used as a
testing server. This time, I found
a cached swf when it was run as
an embed in a browser (although
not the one indicated by the original
author; but give it a try and
see what you'd find.) But when
I ran it as a standalone application
on my local disk, no cached swf
I'd be curious of other peoples'