January 26th, 2012, 03:07 PM
Can I hide the .swf path in the source code?
After doing much research online, I think the answer is NO, but I figured I would ask here anyway.
For a client of mine, I am trying to embed a flash application on his WordPress website. The application is housed at hisdomain.com / app / button.swf (not a real URL, obviously). The only way I know how to embed this application inside of his site is to use an iframe or to use the Kimli flash plugin for WordPress. Both work fine; however, when you view the source code you can easily see the URL. Since users must pay to access the application, they could then just copy/paste the URL into a browser and not go through his site to use it.
Is there any way to hide the source/path so that when people view the source code, they won't be able to see the URL and copy it? Any help would be greatly appreciated!
January 26th, 2012, 04:58 PM
Not really. The browser has to be able to find it, and if the browser can then the user can too.
If you're worried about authentication and authorization then that needs to be built into the Flash app too.
January 26th, 2012, 05:05 PM
This is what I keep finding everywhere, which is why I feel at a dead end.
But then I see a site like this and feel like either a) there is a way or b) I'm missing something:
buttonsonlinestudio . com / _demo / adv /
(used spaces in URL since I'm new and can't post links.)
If you open their button designing application and then view source, I see where the flash is embedded, but I can't for the life of me figure out where the actual flash file is housed so that I could use it off of their site. Am I missing something?
January 27th, 2012, 10:10 AM
I did "View Source" in IE9 then CTRL-F to search for swf and found this on line 119:
<param name="movie" value="index.swf" />
So modifying their URL becomes:
Which is a direct link to their app. No magic. You can do things inside the Flash file such as get it to check the domain it is running in. If it's the correct one then run the file else do something else like display a warning message or just a blank screen. It helps protect it against people that are not savy but if someone really wanted to steal your goodies they can just grab a direct link to the web based SWF like I did or copy it from their browser cache. Then you can drop it into a SWF decompiler. Then edit out your domain limiting code and do what they like with it.
That's part of the reason some people use 3rd party wrappers when using Flash for stand alone applications. Zinc for instance (never use it, it is absolute junk) compiles your SWF and extra assets into a single .exe executable file. So someone would have to write a Zinc exe decompiler, which asfaik does not exist atm. Harder job than getting hold of one of the many SWF decompilers out there.
Motivated people will always get what they want, if there was a perfect copy protection system then everybody would be using it already.
Quis custodiet ipsos custodes?