Re: lingo-l dcr security
My thoughts exactlyam planning to increase security checking if the dcr is playing from a particular url...if not I will delete the contents of the castlib.need to figure out how best this can be implemented though. Thanks and Regards, Anand Ravi - Original Message - From: Daniel Nelson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, October 20, 2003 10:05 PM Subject: Re: lingo-l dcr security There is a forthcoming Encryption Xtra from SmartPants Media that I highly recommend. Unfortunately, it sounds like you want to protect content from being stolen by the user from within an app that displays that content to the user. I believe there is no way you will ever achieve this. If the player app can display the content, then the user viewing the content has access to the decryption scheme...that will always be a security hole. Data can only be secured en route to its intended audience. If you can give the audience a public key, then you can prevent others from intercepting it, but you won't be able to stop them from stealing that data. You can make it difficult to access, but if the data were desirable enough, it could be accessed without brute force. Regards, Daniel [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!] [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!]
Re: lingo-l dcr security
Does this mean that for example the audio downloads from Apple's online music store are really not that secure? Since the user viewing the content (the digital audio files) theoretically has access to the decryption scheme (within iTunes) Unfortunately, it sounds like you want to protect content from being stolen by the user from within an app that displays that content to the user. I believe there is no way you will ever achieve this. If the player app can display the content, then the user viewing the content has access to the decryption scheme...that will always be a security hole. Data can only be secured en route to its intended audience. If you can give the audience a public key, then you can prevent others from intercepting it, but you won't be able to stop them from stealing that data. You can make it difficult to access, but if the data were desirable enough, it could be accessed without brute force. [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!]
Re: lingo-l dcr security
There is a forthcoming Encryption Xtra from SmartPants Media that I highly recommend. Unfortunately, it sounds like you want to protect content from being stolen by the user from within an app that displays that content to the user. I believe there is no way you will ever achieve this. If the player app can display the content, then the user viewing the content has access to the decryption scheme...that will always be a security hole. Data can only be secured en route to its intended audience. If you can give the audience a public key, then you can prevent others from intercepting it, but you won't be able to stop them from stealing that data. You can make it difficult to access, but if the data were desirable enough, it could be accessed without brute force. Regards, Daniel [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!]
Re: lingo-l dcr security
Thank you all for your inputs..specially Valentin and Thomas... I was wondering if I should author the content is dirctor and use some sophesticated encryption algorithms to encrypt the dcrs and develop a rendering emgine that will decrypt the dcr's and display them...my next project may involve very sensitive data and data security will be a critical concern... I'm wondering if Macromedia should come up with a security extension for their products Thanks and Regards, Anand Ravi - Original Message - From: Thomas Higgins [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, October 18, 2003 9:10 PM Subject: RE: lingo-l dcr security Valentin already covered the big parts, yes you can extract media from DCRs but you cannot extract script text. I did want to add one thing: An embedded swf will not be directly available in the ache, but can get extracted from the dcr/cct as entioned above. It's key to note that if you use a linked external Flash cast member then yes, that external SWF file can get downloaded to the browser's cache. If you use an internal member then the SWF is available as a Director cast member only, there's no export to SWF in Director (in case that makes your client feel any safer). Cheers, Tom Higgins Product Specialist - Director Team Macromedia ... [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!] [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!]
Re: lingo-l dcr security
you could check out DataSave Xtra from Media Click Software (former MEDIA Shoppe): http://www.mediashoppe.com/xtras.php#DataSafe valentin Anand Ravi wrote: Thank you all for your inputs..specially Valentin and Thomas... I was wondering if I should author the content is dirctor and use some sophesticated encryption algorithms to encrypt the dcrs and develop a rendering emgine that will decrypt the dcr's and display them...my next project may involve very sensitive data and data security will be a critical concern... I'm wondering if Macromedia should come up with a security extension for their products Thanks and Regards, Anand Ravi - Original Message - From: Thomas Higgins [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, October 18, 2003 9:10 PM Subject: RE: lingo-l dcr security Valentin already covered the big parts, yes you can extract media from DCRs but you cannot extract script text. I did want to add one thing: An embedded swf will not be directly available in the ache, but can get extracted from the dcr/cct as entioned above. It's key to note that if you use a linked external Flash cast member then yes, that external SWF file can get downloaded to the browser's cache. If you use an internal member then the SWF is available as a Director cast member only, there's no export to SWF in Director (in case that makes your client feel any safer). Cheers, Tom Higgins Product Specialist - Director Team Macromedia ... [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!] [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!] [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!]
Re: lingo-l dcr security
Vlist has full encryption as well, as projector and shockwave. On 10/19/03 9:10 AM, Valentin Schmidt [EMAIL PROTECTED] spewed forth: I was wondering if I should author the content is dirctor and use some sophesticated encryption algorithms to encrypt the dcrs and develop a rendering emgine that will decrypt the dcr's and display them...my next project may involve very sensitive data and data security will be a critical concern... [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!]
Re: lingo-l dcr security
At 11:41 Uhr +0530 19.10.2003, Anand Ravi wrote: I was wondering if I should author the content is dirctor and use some sophesticated encryption algorithms to encrypt the dcrs and develop a rendering emgine that will decrypt the dcr's and display them...my next project may involve very sensitive data and data security will be a critical concern... another approach might be to make sure, the movie runs from a fixed location (in case of shockwave) and as stage to prevent the easy method of stripping the content: check the moviepath check if the stage = the activewindow and then you could only have a dummy dcr with only the compiled scripts and no media in it and load the media dynamically from a multiuser server by providing a password. that way you could be able to send the media of the #flash movie over to your dcr from the server to the dcr, which runs from the correct location as stage. nonetheless, there are ways to hack this.But I don't think that there is ANY absolut not hackable solution for ANYTHING on a computer... ;-) -- ||| a¿ex -- [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!]
lingo-l dcr security
Hi List, A question on dcr security. My client has a lot of valuble content that needs to be distributed over the web. however, he wants to ensure that it is not easy for anyone to get the content. This is one of the chief reasons for not opting for Flash given that the swf file format is an open format. Are there any commercial decompilers available that can work with dcr's? How accurate are they? An extension to the question is if I embed some swf in the cast and distribute the contnet, will the swf be avaiable as such in the cache? Am experimenting on these issues now. Any thoughts will be highly appreciated. Thanks and Regards, Anand Ravi [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!]
Re: lingo-l dcr security
It's quite easy to extract all media (including swf) from protected or shocked movies or casts, you can do this with director and some lingo or with the tool dirOpener (http://www.j-roen.net/diropener/). But I don't think there is any decompiler for compiled lingo code. An embedded swf will not be directly available in the cache, but can get extracted from the dcr/cct as mentioned above. valentin Anand Ravi wrote: Hi List, A question on dcr security. My client has a lot of valuble content that needs to be distributed over the web. however, he wants to ensure that it is not easy for anyone to get the content. This is one of the chief reasons for not opting for Flash given that the swf file format is an open format. Are there any commercial decompilers available that can work with dcr's? How accurate are they? An extension to the question is if I embed some swf in the cast and distribute the contnet, will the swf be avaiable as such in the cache? Am experimenting on these issues now. Any thoughts will be highly appreciated. Thanks and Regards, Anand Ravi [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!] [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!]
RE: lingo-l dcr security
Valentin already covered the big parts, yes you can extract media from DCRs but you cannot extract script text. I did want to add one thing: An embedded swf will not be directly available in the ache, but can get extracted from the dcr/cct as entioned above. It's key to note that if you use a linked external Flash cast member then yes, that external SWF file can get downloaded to the browser's cache. If you use an internal member then the SWF is available as a Director cast member only, there's no export to SWF in Director (in case that makes your client feel any safer). Cheers, Tom Higgins Product Specialist - Director Team Macromedia ... [To remove yourself from this list, or to change to digest mode, go to http://www.penworks.com/lingo-l.cgi To post messages to the list, email [EMAIL PROTECTED] (Problems, email [EMAIL PROTECTED]). Lingo-L is for learning and helping with programming Lingo. Thanks!]