Forum Moderators: coopster
I have read a few forums here on ideas to stop flash being stolen and have (what I think is) a solution and have two questions about it at the bottom.
First my flash is whatever.swf
My page the user sees is home.php for example and is like so
<?
session_start();
$_SESSION['ok_to_send_flash'] = 'yes';//this session allows flash to be downloaded
<EMBED src="get_flash.php" quality=best WIDTH="500" HEIGHT="330" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
?>
now my get_flash.php,
<?
session_start();
if ($_SESSION['ok_to_send_flash'] == 'yes'){//session will be set in page with swf embed html
header("content-type: application/x-shockwave-flash");
echo file_get_contents('path_to/whatever.swf');
}
$_SESSION['ok_to_send_flash'] = '';
?>
I have tested this and it workd and does not seem to add the flash file to my cache.
Question 1: Do you see a way around this?
Question 2: If this seems reasonalble to do, does this put more of a load on the server for the fact that php has to open the file and then send it?
Question 2 is a general question I have wondered for a while, passing files like images etc the way I have above, does that cause much more server load or is it roughly the same?
Thanks
Yes, it adds more overhead. Noticeable? Probably not. Only if you are already getting tons of download traffic could the percentage increase be something to notice.
Since your solution depends on the browser "auto downloading" the .swf file, a determined thief will simply write a program to do the downloading that pings the .html page first to get a valid session then directly downloads the .swf.
So, it only stops casual theft but maybe that's enough? Depends on what you're protecting I suppose. :)
Nothing too critical being protected, but it a reusable app, so better to stop a few then none.
Cheers
