I need to create a secure 'flash' demonstration CD 1

[prworld]

Hi

I have a 'product demonstration' saved as a flash video file that I wish to distribute to potential clients.

My problem is that the content of this Flash Video contains sensitive information and I need to be able to restrict the access to the flash file to the intended person.

Ideally I want to be able to put the flash video onto a CD with password protection and specify the number of times it can be accessed.

I.e. the recipient can enter the password and watch the video clip. After which the file is locked and cannot be viewed again.

(Does playing a flash video create a local temp file that can be opened independently?)

Any help is greatly appreciated.

 

[damber]

I would recommend posting in the Flash Forum forum250 - you will get much better answers regarding flash there.

The problem you will have here is one of monitoring usage. Assuming that Flash can perform the necessary actions, including:

1. Request password for use and validate against encrypted version on the disk.
2. Determine usage count*
3. Update Usage count
4. Play flash animation

* Now when checking the usage count via flash it will be able to determine if it should run again... the problem is really about how do you record it... you cannot record it on the CD (even if it was RW you cannot guarantee the hardware on the users machine). Also, you could use the registry or a local file - however, this could easily be circumnavigated with a bit of knowledge - and besides, this would not be portable to another computer (where it would run again ok).

The only option that will be of any use (and is certainly NOT perfect..) is to have the flash movie check against a website and use a unique id key on the disk which will then update the web based db with the watch count - this also gives you monitoring capability. however, the user would need to have an internet connection - which may be an issue for you. Also, if this was the option you selected, why not just use a website directly and forget the CD..?

If the flash movie does the validation, then I do not think that an 'untrained' user would be able to extract the protected content.

Finally, I can understand the password security, but why only let them see the movie once or twice ? If this is for commercial use between businesses then I would recommend you reconsider this, as it will not serve your company well.

Also, cosider that the room that hosts the viewing can be filled with as many people as the user likes, and also the user can record the entire screen during playback.. so you may find that you cannot limit the times the user views it without some serious coding investment.

The potential client may want to show his boss, or other money holding people within the company - but not until he has seen it himself, or maybe someone was away at the time - you would find the client more annoyed than anything, and more likely to pass you by. The password is fine, but forget the view limitation.

Also, the Flash forum might throw up some good ideas, or tool or two, and will certainly help with the password bit - though I 'barely' use flash so would not explain it as well as the experts.

Good Luck.

A smile is worth a thousand kind words. So smile, it's easy!

 

[requested89]

The major trouble with anything Flash related is that whilst .FLA file format is proprietary to Macromedia, the .SWF file format is open-source.

As you probably know, when you publish a Flash Movie it is turned into an SWF. Unfortunately this file-format is inherently insecure due to the fact that it can be decompiled in a matter of seconds (literally). There is software available to encrypt SWF files but this just means it will take minutes to decompile instead of seconds.

The trouble with your password idea is that the Password must be stored inside the SWF and this is decompile-able meaning that the thief can see you password.

Another option is to request a confirmation key from over the internet. Again though this has its problems. I could simply decompile the SWF and see how you are requesting the key and either request a fake key or just take out the code that ensures a key has been received.

If you are using a CD-Rom I assume you don't mind too much about file size. I would recommend embedding your SWF inside a Director movie and then having that on the CD-Rom instead. Director movies can't be decompiled so it should be safe. The trouble with it only being able to run once though is that you have to be able to record the fact that the program has been run at all. This is not easy to do in a manner that is foolproof.
Personally I would combine the following:

Embed SWF in Director Movie
Publish Director Movie as protected DXR or EXE
Request key from the Internet (This enables you to gather stats on which people are demoing your app as well as who is attempting to use it more than once)

You mention in you question 'Flash Video contains sensitive information'. Never ever ever put sensitive information in a Flash movie. It simply isn't safe.

Any more questions feel free to ask.

Chris