15 Replies Latest reply on Feb 21, 2007 12:32 AM by David Mok

    delete an swf file after download

    David Mok
      This is the situation: after a client load external content
      from an http server into his flash movie, a copy of the
      file for the external content (say, an SWF file) is stored
      in the "Temporary Internet Files" folder.

      To protect the external content, is it possible to automatically
      remove this file, after the loading is done? This should of
      course be built into the client movie. Within ActionScript,
      there seems to be no delete file function of any sort.

      Is it possible to do it by loading a javascript or ASP page?
      Any suggestions would be appreciated.
        • 1. Re: delete an swf file after download
          kglad Adobe Community Professional & MVP
          no, it's not possible.
          • 2. Re: delete an swf file after download
            David Mok Level 1
            Thanks for the answer. But
            is there a reason for it?

            • 3. Re: delete an swf file after download
              kglad Adobe Community Professional & MVP
              well, image if you could work out a way to do what you ask: to delete YOUR swf file from the user's cache. except not everyone may feel it's your swf.

              it's on the user's computer (in a non-unique location) and the user may feel that's their swf and they probably feel it's their cache and they certainly feel it's their harddrive. it's not clear you have a right to mess with files on their harddrive that are in locations NOT unique to your swf.

              further, if adobe added a feature to do just what you ask, they would have to put a lot of effort into making sure nothing else could be deleted from the user's harddrive by someone hacking their method. so, it's not a feature that you're likely to see added in the future.
              • 4. Re: delete an swf file after download
                David Mok Level 1
                Makes sense. Thanks. I didn't
                realize all these complications.
                • 5. Re: delete an swf file after download
                  kglad Adobe Community Professional & MVP
                  this is a feature a lot of flash authors would like to see. and interestingly flash can create an object on a user's harddrive (the shared object) AND delete that object. but it's in a location unique to the download site (ie, you can't delete anyone elses shared object) and it's a proprietary file format.
                  • 6. Re: delete an swf file after download
                    David Mok Level 1
                    On second thought, there seems another way of achieving
                    it. First, I'd load the external content, say, in tmp.jpg,
                    to my_movieclip. Then on the server side, an empty file
                    is copied to overwrite tmp.jpg.(One probably have to do
                    this outside Flash, using javascript.) Finally, tmp.jpg
                    is loaded again, to another junk movieclip.

                    The tmp.jpg file now sitting in the internet temp files
                    directory does not have the real content. But my_movieclip
                    is showing the right picture.

                    Anyone tried this before?


                    • 7. Re: delete an swf file after download
                      ggshow Level 2
                      when u load another tmp.jpg, it wont replace the 1st one, because temporary file stored in local machine actually saved as
                      tmp[1].jpg, tmp[2].jpg, tmp[3].jpg


                      Normally i use 2 tricks which are not really "working", for your reference:

                      1) Detect url, make the swf can play only under specific website/webpage, if run it from another website or from local pc, it wont run. You'll need some skill of server-side scripting.

                      2) Load an external text file (i call it as 'key') to get a data before swf can play. If 'key' not found, swf will play to a scene shows "error" or just blank.

                      Why i say it is not really working? Remember, people still can decompile the swf, modify it, remove the validation script, and... run
                      • 8. Re: delete an swf file after download
                        David Mok Level 1
                        I played a bit more with this. The solution
                        looks trivial. If the contents are served from
                        a Microsoft IIS server, one can easily set the
                        http header so that no cache is stored anywhere,
                        not on the user's machine, not on the proxy and
                        not on the gateway.

                        That looks like pretty good protetcion. Or am
                        I missing something?

                        • 9. Re: delete an swf file after download
                          kglad Adobe Community Professional & MVP
                          the no cache/pragma no cache was unreliable years ago and depended on the user's browser. with current browsers i doubt it works better.
                          • 10. Re: delete an swf file after download
                            David Mok Level 1
                            Ouch!!!!!!

                            Indeed, it does not work, if the swf
                            file is served in a browser. There is
                            a hidden Content.IE5 directory, in
                            which a lot of cache files are hidden,
                            although the internet temperory files
                            directory looks clean. What the heck
                            is Microsoft trying to do with such
                            a stupid hidden directory?

                            But when the swf is served as a standalone
                            application in a flash player, then at
                            least for the IE7/XP I am using, there
                            is no trace of the downloaded files.

                            Again, please let me know if I am missing
                            something here.

                            • 11. Re: delete an swf file after download
                              kglad Adobe Community Professional & MVP
                              you probably are missing something. for the swf to be viewable by a user, it must be on their computer.

                              it's name and location may vary making it more or less difficult to find, but it's on their computer's harddrive. while viewing, if they search for and find it, they can copy it and there shouldn't be anything you can do to stop that.
                              • 12. Re: delete an swf file after download
                                liquidleaf
                                Yes, you should try doing another method of user verification such as the ones suggested. Or others using calls via ExternalInterface to validate a user's right to play the SWF. At my company we have a validation PHP api that is called to verify that a user is allowed to play a file, and the API returns an XML file with appropriate information (the Flash file just requests XML from the PHP page). This has worked pretty well. You can't count on browsers to not cache....
                                • 13. Re: delete an swf file after download
                                  David Mok Level 1
                                  Thanks for all your answers,
                                  which have really helped me
                                  to put things in perspective.

                                  Let me make the situation more
                                  explicit. I am going to use
                                  an empty movieClip as a container.
                                  All the Flash codes/graphics will be
                                  loaded dynamically into this
                                  container during run time from
                                  a server, with user authentication.

                                  There are two separate issues:

                                  (1). Whether the client would
                                  be able to access these external
                                  contents on the server, after
                                  cracking the container swf.
                                  On the server side, there
                                  are authentication routines,
                                  so that a user must be verified
                                  before he could load any external
                                  contents. I can hide all related
                                  scripts/functions on the server
                                  side (via FMS or http server), so
                                  that a user does not know what I
                                  am doing. In fact, I could copy
                                  to-be-loaded-contents into a scratch
                                  directory just before loading,
                                  and then the server side script
                                  will delete these contents
                                  after loading. So this
                                  part should be as safe as my
                                  authentication method, even if a
                                  hacker has decompiled my swf.

                                  (2). Whether the client
                                  would be able to get hold of
                                  the contents on his local
                                  machines, since these
                                  contents are loaded into
                                  the container movieClip. This
                                  part I am not sure. I thought
                                  that if the files were not saved
                                  on the disk as temp files and
                                  if my connection was secured/
                                  encrypted using https,
                                  then it would be difficult for
                                  a client to get hold of the
                                  content swf files. But you guys
                                  seem to be saying that a client can
                                  still get it somehow.

                                  • 14. Re: delete an swf file after download
                                    kglad Adobe Community Professional & MVP
                                    loading a swf (or mp3 or image) into flash doesn't prevent that file from cached on the user's computer. it will still be cached. test it. there shouldn't be anything difficult about finding a loaded swf etc in your cache.

                                    having an encrypted connection helps prevent non-users from "tapping" the connection between an authorized user and your server and helps prevent users from using a sniffer to tap the data being transmitted between the server and the swf.
                                    • 15. Re: delete an swf file after download
                                      David Mok Level 1
                                      oddhammer.com/tutorials/dont_cache/

                                      =============

                                      I have run into the above
                                      site, during one of my searches.
                                      It provides a way to hide the
                                      cache file. In mc.loadMovie(fnm),
                                      fnm is not an SWF file, but
                                      an ASP or PHP script that downloads
                                      the actual SWF file. In this way,
                                      http headings could be set explicitly
                                      in the ASP or PHP script.

                                      I tried it on my notebook, and
                                      no SWF was cached (XP/IE7). I then
                                      tried it on my desktop, which was
                                      again XP/IE7, and also used as a
                                      testing server. This time, I found
                                      a cached swf when it was run as
                                      an embed in a browser (although
                                      not the one indicated by the original
                                      author; but give it a try and
                                      see what you'd find.) But when
                                      I ran it as a standalone application
                                      on my local disk, no cached swf
                                      was found.

                                      I'd be curious of other peoples'
                                      test results.