Secure SWF Delivery - Potential Solution
#1

[eluser]meridimus[/eluser]
Using CodeIgniter I'm trying to work out the best method for secure SWF file delivery for a game development company.

Here's the back story

A flash gaming website, hosting purely self-created content (it's not a portal), already hosts swf files in a public web directory. Although they can't be hotlinked because of htaccess files, they can be accessed by going to the url (e.g. http://example.com/swf/game.swf).

The flash gaming site has users, some of whom can be invited to participate in early beta access to help the developer finalise the game. Even though the page is protected by not allowing unregistered/non-beta users into the page, the swf can still be accessed by going directly to the url.

The Problem

The site is a target for players who want to get their hands on the games before they're available to the public and leak them. Usually people do this by creating a VB app that tricks the SWF into thinking it's played on the intended url, when it's not.

Intended Solution

1. Lock the SWF directory with .htaccess so it's completely invisible to ALL public users, only local PHP can access it.
2. Create a file delivery class that does the following:
2.1 Finds out if the current user has the appropriate access
2.2 Finds the latest version of the uploaded game file
2.3 Somehow tags the game with the name/id of the user
2.4 Delivers the content to the user as usual (even when a game isn't a preview)
2.5 If the user isn't meant to have access, deliver an alternate SWF and log the breach
2.6 Checks if more than a certain number of breaches have been made in the past hour and auto-bans the user from the site for 24 hours


Does this sound like a valid solution to the problem? I wonder if there are any other methods or additional security precautions I should take?


I'd be very grateful for any feedback. Thanks!
#2

[eluser]Mike Ryan[/eluser]
Hi,

Sounds like an interesting solution. Could you elaborate on 2.4? How will the content be delivered "as normal" if .htaccess is blocking access to .swf files?
#3

[eluser]pistolPete[/eluser]
[quote author="Mike Ryan" date="1240086173"]How will the content be delivered "as normal" if .htaccess is blocking access to .swf files?[/quote]

I'd use readfile() or fpassthru() to send the SWF contents to the user.
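
An added example, not code from any poster in this thread: one way steps 2.1, 2.2 and 2.4 to 2.6 of the plan in post #1 could look in plain PHP, using the readfile() approach suggested above. The directory, the `<game>.v<N>.swf` naming scheme, the breach log format, the threshold and the `$betaUsers` list are all assumptions standing in for the site's real storage and user model.

```php
<?php
// Added example; paths, file naming and the breach log are assumptions.
const SWF_DIR      = '/srv/private/swf';        // hypothetical, outside the web root
const DECOY_SWF    = SWF_DIR . '/decoy.swf';    // hypothetical alternate SWF
const BREACH_LIMIT = 5;                         // hypothetical hourly threshold

// Step 2.2: newest build, assuming files are named <game>.v<N>.swf.
function latest_build(string $game): ?string {
    // Allow-list the name so "../" can never reach glob() or readfile().
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $game)) return null;
    $files = glob(SWF_DIR . "/{$game}.v*.swf") ?: [];
    usort($files, fn($a, $b) => filemtime($b) <=> filemtime($a));
    return $files[0] ?? null;
}

// Steps 2.5/2.6: log the breach, report whether the hourly limit is exceeded.
function record_breach(int $userId, string $log): bool {
    file_put_contents($log, time() . "\t{$userId}\n", FILE_APPEND | LOCK_EX);
    $recent = 0;
    foreach (file($log, FILE_IGNORE_NEW_LINES) as $line) {
        [$ts, $uid] = explode("\t", $line);
        if ((int)$uid === $userId && (int)$ts >= time() - 3600) $recent++;
    }
    return $recent > BREACH_LIMIT;
}

// Step 2.4: stream the file through PHP instead of exposing its URL.
function send_swf(string $path): void {
    header('Content-Type: application/x-shockwave-flash');
    header('Content-Length: ' . filesize($path));
    header('Cache-Control: private, no-store'); // keep betas out of shared caches
    readfile($path);
}

// Step 2.1 plus dispatch; $betaUsers stands in for the site's real access check.
function deliver(string $game, int $userId, array $betaUsers, string $log): string {
    $path = latest_build($game);
    if ($path === null) { http_response_code(404); return 'not_found'; }
    if (!in_array($userId, $betaUsers, true)) {
        $banned = record_breach($userId, $log);
        send_swf(DECOY_SWF);
        return $banned ? 'ban_24h' : 'decoy';
    }
    send_swf($path);
    return 'served';
}
```

The caller takes `$userId` from the server-side session, never from the request, and applies the 24-hour ban when `deliver()` returns `'ban_24h'`.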



