I need to design a mini website to give to clients. The site includes mp3s and videos which must be played within the site itself and not use any 3rd party media players. Is Flash the only / best solution?
I also need to protect these files. Is there a way that I can stop users 'exploring' the CD and not get access to the content?
Flash is a 3rd party component.
You might want to try experimenting with HTML 5 see the link below:
http://www.w3schools.com/html5/html5_audio.asp
This would make your websites functionality dependent on the browser the client is using.
It is unlikely you would be able to prevent users accessing the music files on the CD. Possibly you could store the data on the CD in an encrypted format and make your own custom active x control that decrypts the data on the fly. This would be difficult to do though. Do you mind if I ask why you want to distribute your site on CD? Why don't you just make a website and have user access control on it?
Related
I'm building an angular 2 website where only authenticated users can access content. Some of this content is peoples photos, to which access must be restricted to authenticated users only. Furthermore, these images should be delivered in an optimized fashion depending upon the device calling them; for example, a retina mobile screen, or an old-fashioned laptop.
Any ideas about how (or the best practices) to achieve this correctly?
We do something like this, but we don't use angular for it, we use css to determine which images to display. Separate classes with the images attached for them based on viewports. Are you wanting a angular 2 specific answer? Or will the viewports displaying different images work?
I was wondering if it's possible to capture a screenshot and/or record my computer screen(s) via a website?
If it is possible, what languages would I need to learn/code? I already have intermediate knowledge of HTML, CSS, JavaScript, jQuery, and PHP.
In other words: I want to have the ability to capture/record my screen (not the website) via using a website (not an application).
Thanks!
This is not possible. Web sites are very deliberately given only restricted access to your computer for security reasons. Imagine the havoc that could result if a malicious web site were able to see and capture what was on your screen--banking information, your confidential e-mails, etc. Even if the user had to give permission for this level of access, it would still be way too easy to trick a user into giving that permission.
The closest I could find/think of was http://www.screencast-o-matic.com/screen_recorder, but even then you have to download a launch plugin. I agree with #DLH. This is for your protection.
My favorite screen recorder is ScreenPresso - it is always running in background, and repurposed the PrtScn button as its launch key.
I have a wmv video hosted in SharePoint. I've created a Content Editor web part with a bit of custom content and I've placed a simple link to the video Click to view.
There is really nothing special going on here. Some users can click on the link and the video opens in their default video player. Other users see a range of different errors/prompts. Some users are prompted for their network credentials and others receive a generic "Internet Explorer cannot display the webpage.
The same problems occur if I create a generic HTML web page (outside of SharePoint) and have users try to launch the video.
I am trying to avoid embedding the video in the HTML and just have users link directly to the video itself.
Has anyone encountered this issue and do you have any suggestions for making this work?
This appears to be a combination of browser issues and file security.
People are being asked for their network credentials because the file itself is not "public"; it requires authentication to be read, or appears to do so from your description. Different browsers will display different messages when attempting to authenticate for the file.
Additionally, the default player for a browser may not be set or the browser may not allow passoff to third party programs, both of which will generate different messages for different browsers. This will always be an issue for hot-linked videos, and there's nothing you can do about it except use some guaranteed playback platform that all consuming browsers must have installed, such as Flash or Silverlight. That comes with issues all on its own, but such is the nature of the online world.
I have couple of .swf games files uploaded to my server. I want to run some test, but I dont want to expose or let public/others people to see our swf files. Currently, if I type:
www.domain.com/games/game1.swf
It will play the swf file.
I tried to visit some other flash game based websites. When I visit one of the swf files (e.g www.xxx.com/folder/flash.swf), it would redirect me to the homepage (www.xxx.com)
Is this the correct way to prevent public people to view my swf files?
There are a lot of swf-to-fla decompiler third party software, will my swf files secured?
Will my swf files being hacked/stolen (code and graphics)?
Once your swf files being hacked, will my website safe from web attacks?
How to secure swf files?
Please help
You have a lot of questions here.
When I visit one of the swf files ... it would redirect me to the homepage ...
I would suspect this is implemented by checking the 'HTTP_REFER', when loading the .SWF page. You could do this if you like.
Is this the correct way to prevent public people to view my swf files?
No. Depending on what server you're running, you should put some authentication on the folder '/TestSwfs', and then upload all your swfs to there, and you will need to log in first. Fairly simple to do this in both IIS and Apache, but let us know which one you are running.
There are a lot of swf-to-fla decompiler third party software, will my swf files secured?
I suspect not. There are probably SWF Obfuscators though, but they can still be reversed.
Once your swf files being hacked, will my website safe from web attacks?
It shouldn't matter. You should not be inlcuding secrets/passwords in your SWFs that you don't want to be public. You may be writing high-scores, and you can step up the complexity required by doing some crypto, or other such things, but really, for just high scores, it's probably not important.
Design your SWF code so that even if it was public, your server would be safe.
One additional point to Silky's answer.
You should implement REST Api correctly in your SWF, that will assume that even if someone can hack your swf (which is very easy), the can not login to your server and manipulate any data or bring it down.
You should never directly alter database by using direct apis, you should always use webservices instead of database connectivity tools.
I want to allow my users to embed their own Flash animations in their posts. Usually the actual file is hosted on some free image hosting site. I wouldn't actually load the flash unless the user clicked a button to play (so that nothing auto-plays on page load). I know people can make some really annoying crap in flash, but I can't find any information about potential serious damage a flash app could cause to the viewer.
Is it unsafe to embed just any flash file from the internets? If so, how can I let users embed innocent animations but still keep out the harmful apps?
edit:
From what I can gather, the most obvious threat is for actionscript to redirect you to a malicious site.
Adobe says you can set allowScriptAccess=never and allowNetworking=none and the swf should have no access to anything outside of itself. Will this solve all my problems?
Flash has some neat security measures in place. Allowing users to upload swf's to your site and embedding them is unsafe, you're basically setting yourself up for an XSS attack.
However, allowing them to hotlink should not be a problem. The swf will be locked to the domain that is hosting it and is not allowed calling url's outside of that space.
It will still be open to "evil links" (i'm sure theres a proper word for them), and by that I mean having regular links to yoursite.com/admin/deleteallpages.php which it tries to load "as" you. It will not however be able to use this data in any way, it'll basically be the same as a normal link, and I'd guess modern cms' are protected from that type of attacks.
You could get the same protection by hosting your flashes on a different subdomain, since flash considers this the same as a completely different domain.
When embedding SWFs from unknown sources, it is also best practice to throw a mask on the Loader so that the loaded SWF can't take over more screen real estate than expected.
Pseudo-code to do so:
var maskSpr : Sprite = new Sprite();
maskSpr.graphics.beginFill();
maskSpr.graphics.drawRect(0,0,safeWidth,safeHeight);
maskSpr.graphics.endFill();
myLdr.mask = maskSpr;
There is actually more than one option.
To be totally safe, set allowScriptAccess=never and allowNetworking=none and the swf will have no access to anything outside of itself.
NOTE: allowNetworking is only in Flash Player 9 (it was created in response to various myspace worms), so you'll need to use SWF Object to insure that only users with the right flash player version or better have the flash loaded.
If you want to enable things like youtube videos, though, you can't set allowNetworking to "none". Fortunately, there is an intermediate level of security for this field - "internal" which lets the SWF talk to its hosted domain.
Also note that you better not have a crossdomain.xml file on your site - read more about those dangers here and other places.
Here are some other sites that are mentioned by other answers that go into more detail:
http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps_04.html
http://blogs.adobe.com/stateofsecurity/2007/07/how_to_restrict_swf_content_fr_1.html
As an example Drupal has a scenario of how allowing flash content from users could be a security concern.
Adobe says you can set allowScriptAccess=never and allowNetworking=none and the swf should have no access to anything outside of itself. Although allowNetworking is only in Flash Player 9, so users with earlier versions of Flash would still be susceptible to some exploits.
Creating more secure SWF web applications : Security Controls Within the HTML Code
How to restrict SWF content from HTML
Yes, it's unsafe.
There's no easy way of allowing it. You could have a domain whitelist that allowed YouTube, Hulu, etc. through, but whitelisting is inherently painstaking - you'd be constantly updating.