如何限制Flex应用程序只能从我的网站上运行? [英] How to restrict a Flex application to only run from my website?
问题描述
是有可能使一个Flex应用程序只能从我的域中运行?因此,用户不能照搬瑞士法郎并在本地启动它。
is it possible to make a Flex-application to only run from my domain? So a user can't copy the .swf and start it locally.
推荐答案
在很多情况下,这不会因为与crossdomain.xml的相关的安全模型的工作。
In a lot of cases this won't work because of the security model associated with the crossdomain.xml.
http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
比方说,我有一个Flex应用程序,有一个服务电话,登陆我的后台数据库(也许是PHP和MySQL)。除非我明确地启用它的crossdomain.xml策略文件中的应用程序将无法与我的服务器进行通信,除非该SWF文件是直接从我的域加载。如果应用程序是当地的它看起来到我的服务器就像本地主机试图通过Flex应用程序来访问我的后端。因此,在默认情况下,这将不能工作,除非明确的规则是到位的的crossdomain.xml,允许从本地主机访问。同样,一个人不能简单地把SWF在不同的服务器上,并尝试访问从我的服务器,除非我的远程服务器添加到crossdomain.xml的政策。
Say for example, I have a flex app that has a service call and login to my backend database (perhaps PHP and mysql). Unless I explicitly enable it in crossdomain.xml policy file the app will not be able to communicate with my server unless the swf file is directly loaded from my domain. If the app was local it would look to my server like localhost was trying to access my backend through the flex app. So by default this would not work unless an explicit rule was put in place in the crossdomain.xml to allow access from localhost. Likewise someone cannot simply put the swf on a different server and try to access from my server unless I add that remote server to the crossdomain.xml policy.
所以回到你的问题。显然,这crossdomain.xml的东西并不真正适用,如果你的Flex应用程序是非常简单的,不设法使服务调用到服务器。例如,如果您有简单的游戏,只是加载和播放,而不挠游戏里面更多的服务器调用。
So back to your question. Obviously, this crossdomain.xml stuff doesn't really apply if your flex app is really simple and does not try to make service calls to a server. For example, if you have simple game that just loads and plays without additional server calls inside the flex game.
如果你想保护您的应用程序,你可以有启动顺序,使您的网站一个非常简单的服务器通话过程中一个基本的手机之家的过程。它不必是任何超级复杂,只要求在启动时你的应用程序的一个往返服务调用。或许,检查存储在PHP端的变量简单的按键或字符串,并且不要让Flex应用程序运行,除非该密钥是有效的。你可以硬code中的动作里面的关键预期。或者也许有跟踪多少次该应用被启动并存储的计数在数据库或东西一个基本记录器。最主要的是不要让应用程序完全启动,直到这个请求到服务器返回一个有效的结果。
If you wanted to protect your app you could have a basic "phone home" process during the startup sequence that makes a very simple server call to your website. It doesn't have to be anything super complicated, just require a round trip service call in the start up of your app. Perhaps check for a simple key or string stored in a variable on the PHP side, and don't let the flex app run unless that key is valid. You could hardcode the expected key inside the actionscript. Or perhaps have a basic logger that tracks how many times the app is launched and store the count in a database or something. The main thing is do not let the app completely launch until this request to the server has returned a valid result.
如果你有这样的地方则crossdomain.xml的政策将在踢,如果有人下载您的SWF它不应该工作,因为它会尝试从本地主机到服务器进行呼叫。或者,如果他们窃取你的应用程序,并将其驻留在其网站上它不应该工作的。
If you have this in place then the crossdomain.xml policies will kick in and if someone downloads your swf it shouldn't work because it will try to make a call from localhost to your server. Or if they steal your app and host it on their site it shouldn't work either.
这篇关于如何限制Flex应用程序只能从我的网站上运行?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
