Comments on: Protecting Flash files from unauthorized playback http://www.melbournechapter.net/wordpress/programming-languages/php/rich/2006/03/30/protecting-flash-files-from-unauthorized-playback/ web application development with popular technologies Tue, 02 Dec 2008 08:53:25 +0000 http://wordpress.org/?v=2.0.5 by: Cameron Manderson http://www.melbournechapter.net/wordpress/programming-languages/php/rich/2006/03/30/protecting-flash-files-from-unauthorized-playback/#comment-14647 Sat, 02 Dec 2006 06:52:17 +0000 http://www.melbournechapter.net/wordpress/programming-languages/php/rich/2006/03/30/protecting-flash-files-from-unauthorized-playback/#comment-14647 A mod_rewrite for images may work the same for flash? RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://localhost/.*$ [OR,NC] RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$ [OR,NC] RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$ [OR,NC] RewriteRule .*\.(gif|GIF|jpg|JPG)$ http://mysite/images/bad.gif [L,R] A mod_rewrite for images may work the same for flash?

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://localhost/.*$ [OR,NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$ [OR,NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$ [OR,NC]
RewriteRule .*\.(gif|GIF|jpg|JPG)$ http://mysite/images/bad.gif [L,R]

]]> by: Richard Lee http://www.melbournechapter.net/wordpress/programming-languages/php/rich/2006/03/30/protecting-flash-files-from-unauthorized-playback/#comment-35 Thu, 30 Mar 2006 04:48:36 +0000 http://www.melbournechapter.net/wordpress/programming-languages/php/rich/2006/03/30/protecting-flash-files-from-unauthorized-playback/#comment-35 Ok, there seems to be a section of the post missing i'll have to re-post Ok, there seems to be a section of the post missing i’ll have to re-post

]]> by: Cameron Manderson http://www.melbournechapter.net/wordpress/programming-languages/php/rich/2006/03/30/protecting-flash-files-from-unauthorized-playback/#comment-34 Thu, 30 Mar 2006 04:36:06 +0000 http://www.melbournechapter.net/wordpress/programming-languages/php/rich/2006/03/30/protecting-flash-files-from-unauthorized-playback/#comment-34 Hotlink protection on other files (other than SWF as Richard has pointed out lack of support) For those of you running CPanel this tutorial may be relevant: - http://www.newista.com/tutorial/xskin/HotLinkProtection.html For those of you who have access to mod_rewrite it strong at protecting access - http://www.splintered.co.uk/experiments/52/ Just out of interest does that mean if we fluke the HTTP header request to the target server, with a referral URL of their server, we can get around mod_rewrites ability to stop hotlinking? Hotlink protection on other files (other than SWF as Richard has pointed out lack of support)

For those of you running CPanel this tutorial may be relevant:
- http://www.newista.com/tutorial/xskin/HotLinkProtection.html

For those of you who have access to mod_rewrite it strong at protecting access
- http://www.splintered.co.uk/experiments/52/

Just out of interest does that mean if we fluke the HTTP header request to the target server, with a referral URL of their server, we can get around mod_rewrites ability to stop hotlinking?

]]> by: Cameron Manderson http://www.melbournechapter.net/wordpress/programming-languages/php/rich/2006/03/30/protecting-flash-files-from-unauthorized-playback/#comment-33 Thu, 30 Mar 2006 04:30:34 +0000 http://www.melbournechapter.net/wordpress/programming-languages/php/rich/2006/03/30/protecting-flash-files-from-unauthorized-playback/#comment-33 Ok so it protects in two ways: - Writing a flash movie wrapper, but can only protect if the wrapper is called (in which it checks the URL it is being loaded from). Could this method work if the actual SWF that we want to load had the check? - Second is issuing an expiring key with a unique unknown composite MD5 key Meaning that whoever is linking to the file will have to update the key before being able to load the content after it expires? Ok so it protects in two ways:

- Writing a flash movie wrapper, but can only protect if the wrapper is called (in which it checks the URL it is being loaded from).
Could this method work if the actual SWF that we want to load had the check?

- Second is issuing an expiring key with a unique unknown composite MD5 key
Meaning that whoever is linking to the file will have to update the key before being able to load the content after it expires?

]]>