 | | | More DCR "theft " naughtiness | More DCR "theft " naughtiness 2003-12-11 - By Chuck Neal
Back
In these cases what does the moviePath contain?
A trick I have also used is an external key file on the server that sends
the moviePath and validates it with the encrypted key. Even if they find
and download the keyfile it won't work on another site.
Loader movies also help this as you can redirect to the actual file.
Swapping the cast at runtime also can help as you can start with empty casts
and switch t valid ones once the movie loads.
Last but not least you can try a remote "ping" operation with a dynamic
page. It basically works like this...
Page is loaded via ASP/PHP/etc. As it loads it logs the user's IP address
as a valid usable IP then loads the html of the page to the browser.
The SW movie then loads and hits a verification page that tests to see if
the IP it is running from is loaded in the DB in the last 20 minutes or so.
If not if won't run and redirects back to you. You can also add some frame
breaking JS to your page to also prevent simple page embeds via Iframe, etc.
-Chuck
-- ---- ---- ---- ---- ---
Chuck Neal
CEO, MediaMacros, Inc.
chuck@(protected)
http://www.mediamacros.com
-- --Original Message-- --
From: dirgames-l-bounces@(protected)
[mailto:dirgames-l-bounces@(protected)] On Behalf Of duck
Sent: Thursday, December 11, 2003 9:31 AM
To: dirgames-l@(protected)
Subject: [dirGames-L] More DCR "theft" naughtiness
Hi Guys,
Some new developments in the continuing saga of preventing DCRs from being
copied/framed/popped up by other sites. I don't believe that this trick has
been addressed before, and so may be of interest (specifcally to Barry with
his document that he said he was writing up!).
Currently, in order to prevent the dcr from being embedded by external
sites, I check the "src" externalParam, and make sure it does not begin
with "http", thus only allowing the dcr to be linked to locally from my own
site.
However - it appears to still be possible to embed dcrs remotely, even if
this check is performed, because of the html tag <BASE>
http://www.faqs.org/docs/htmltut/linking/_BASE.html
This tag is specifically designed to tell the browser to pretend that the
page is being loaded from some other (remote) site, and so allows
local-style links in the HTML source that actually link to remote files on
the server specified in the BASE tag.
I was tipped off that a site was popping up my game, and discovered that it
was using this technique. It's still there at the moment:
http://www.mofunzone.com/games/snowfight.shtml
Check out the source of the pop-up window. They've actually just copied my
own page source, and just added the <BASE> tag.
(To view the source of their pop-up window, you may need to Ctrl-N while in
the pop-up to open a duplicate in a window that has a menu bar)
Any ideas how to detect and prevent this method?
- Ben
__ ____ ____ ____
ben@(protected)
www.robotduck.com
__ ____ ____ ____ ____ ____ ____ ____ ____ ____
dirGames-L mailing list - dirGames-L@(protected)
http://nuttybar.drama.uga.edu/mailman/listinfo/dirgames-l
__ ____ ____ ____ ____ ____ ____ ____ ____ ____
dirGames-L mailing list - dirGames-L@(protected)
http://nuttybar.drama.uga.edu/mailman/listinfo/dirgames-l
Earn $52 per hosting referral at Lunarpages.
|
|
|