flash / php

Out of context: Reply #20

  • Started
  • Last post
  • 23 Responses
  • enobrev0

    This is gonna seem pretty extravagent, but it should be solid. I haven't done this, but this is how I would, or at least where i would start.

    you're going to want to use some kind of encryption scheme on both ends.

    You want to encrypt something on the server. Decrypt it in the swf. Reencrypt it (so you have a different hash sent back to the server) and send it to the php script. The php script will then know the request is coming from the right place. Also, since it's all encrypted, you won't have to do any particular url checking.

    You'll want to find classes / functions for php and actionscript for the same encryption algorithm. You'll want something that can be deciphered (md5 for instance can't be)

    now you have the file that calls the swf (the php file with the object or embed tag in it's html) with an encrypted key. Something like

    src="myfil.swf?k="

    Now, your parent movie will have a variable called k with a value of something like asd76dashd98ashf89asdh

    You decrypt k in the swf and you'll have the equivalent of something like

    k = 'someword-05102004105335';

    that number is just a date. mdYGis (month, day, 4 number year, 24 hour, minute, second).

    At this very moment it's
    5/10/2004 10:53:35

    The reason for the date is to ensure the encrypted value will be differnt every time (the encrypted string will be different every second of every day)

    Now you parse out the 'someword' from that k variable (dont remember the function in actionscript, but it's the equivalent of php's substr - grab everything before the dash).

    Now encrypt that string with a new date and time just like we did in php. This ensures we have a differnt key coming form the swf than what was in the html (so the two can't be compared).

    Finally, in your php script, decrypt the string like we did in the parent swf. If you find the right word ('someword' in this case), then it's coming from the right place.

    For added security, you can have that word change every day or every few hours or whatever. Since the original word is coming from the server and not the swf, you'd only have to change the word in one place.

    Well, that's how I would do it. Let me know what you eventualyl come up with.

    Good luck!

    enobrev 0Permalink
    UpvoteDownvote
    Flag
      Show [[ numHiddenNotes ]] more notesAdd Note
      SaveCancel

    View thread