PDA

View Full Version : Flash 8 - XML - Cache


nitzicuile
02-09-2006, 09:28 PM
Hi!;)

I am developing an application with Flash and XML. This application retrieve all the information from the XML.

My problem is that, these XML has information that I don't want people know... and it starts when the swf and xml files are cached by the browser/flash player

* - I am using Flash 8,
* - XML is not encrypted (Is this a good solution?),
* - ActionScript 2.0,

How about another solution?:confused:

Please, let me know if there is any information you need to help me...

Thx lot,

nitz

simonboris
02-09-2006, 10:15 PM
hi nitzicuile,

when you load your xml file using xml build in method, load an asp or php file
that generated xml content. That way your xml wont be cached by the browser.

The only downside of this is that you cannot preload it. You have to wait for the onload method of the xml class.

nitzicuile
02-10-2006, 12:36 PM
Hey! thanks...;)

I have to ask my boss if that is the kind of solution he wants...
He was talking about encrypting information between <tabs></tabs> ...

Anyway, anything else?...

simonboris
02-10-2006, 04:06 PM
I am not sure about encryption.

Sure you can encrypt your data, but to read or use, you will have to decrypt it. You will need your de-encrytion function or method in your flash. If someone decompile your flash, he will be able to get decryption methods... If he gets your xml file, he will gain access to your data.

If you use server generated xml, no one will have access to the xml data, ontly to the decryption process.

The problem with this is the amount of data to be decrypted. Imagine, you have to decrypt the info before using it...

And don't forget that there is a size limit for xml file to be loaded in flash.
It's about 70ko. Beyon that, you will see flash player run slower... I don't know if the limit have changed with flash 8, but you should read flash specs using xml. Maybe with encryption, your file size will be larger than the limit.

And if this data you want to encrypt is so sensitive, maybe you should'nt use it in your flash...

And how much time will you take to create encryption/decryption process that can be reusable... will it worth the money and time spent ?

Hope it help,

Skindc
02-10-2006, 04:11 PM
If the problem is that you want flash to ensure to reload the xml document rather than using a cached version just add add a random number to end of url string and will reload the xml everytime!


var ranNum:Number=Math.ceil(1000*(Math.random()*(1000* Math.random())));
docXml.load('xmldoc.xml?'+ranNum);

sleekdigital
02-10-2006, 04:13 PM
I don't know what gave you that idea, but generating the XML dynamiaclly with PHP or any other server side technology does not prevent the browser from caching the XML.

The only good solution I can think of for your case is flash remoting.

Skindc
02-10-2006, 04:26 PM
sleek, if your referring to my last comment about using the random number this is to be done in flash, it is a quick resolve to prevent the flash file using a cached version of xml and is not a replacement for remoting, this was not my intention but this can come in handy for smaller projects that need only to import a small xml docs but ensures refreshing of xml document. I have used it in many scenarios for cms for flash content in many cases.

sleekdigital
02-10-2006, 04:29 PM
Skindc, no i am refering to simonboris' comment ...

hi nitzicuile,

when you load your xml file using xml build in method, load an asp or php file
that generated xml content. That way your xml wont be cached by the browser.

The only downside of this is that you cannot preload it. You have to wait for the onload method of the xml class.

Sorry that i was not clear about that.

Yes I am aware of your method and I use it myself, but the original poster said he did not want people to be able to see his data.

nitzicuile
02-10-2006, 06:50 PM
Uhmm a friend talks to me about "flash remoting"... I am going to read about it...

Maybe is the solution...

About ...

If the problem is that you want flash to ensure to reload the xml document rather than using a cached version just add add a random number to end of url string and will reload the xml everytime!

... I do not want to reload XML, I do not want my XML to be cached on clients machine... thanks anyway! learning never ends...

simonboris
02-11-2006, 12:45 AM
hi sleekdigital,

when i say server side generated xml, i mean:


var f:XML = new XML();
f.ignoreWhite = true;
f.onLoad = function(b:Boolean)
{
if(b)
{
// code...
}
}
f.load("myFile.php"); // or asp or jsp
// in the server page, i render an xml opbject with header.
// so at the end, i get an xml file
// there is no way a browser can cache this.
// it is server script... and not file exist...


This work pretty fine for me...

sleekdigital
02-11-2006, 02:50 AM
The script is server side, but it generates XML... that XML is sent to the users browser and it gets cached acording to the user's setting. The XML is what the poster is interested in protecting.

nitzicuile
02-16-2006, 04:46 PM
Hi, again...

I have been studing this problem from the side of the server, and I found that if I send something like...


<Error>
<message> No XML found </message>
</Error>


...as an error if the flash client do not find the XML, and it was not cached.
So I tried to send all the big XML dynamically and it is cached anyway... pff!

So I thought, Is there any maximum amount to transfer data between client/server without caching?... I don't know If I am beeing clear with this... any question, here am I!..

Thanks,

nitz

sleekdigital
02-16-2006, 05:06 PM
I don't understand what you are asking, but my point is that with XML.load or load variables or anything like that, you are sending the data to the client so it will be accessible to the user. Whether it is dynamically generated by the server or not is irrelevant. The data gets sent to the client either way. That is why remoting is probably your most secure option.

Either that or instead of sending any sensitive data to the flash movie you have the server side scripts access data on the server and only return non sensitive data that the user needs to see. I don't know the details of your situation... I don't know why you are sending data to the flash movie that you need to keep hidden... so it is difficult to provide much more advice than this.

nitzicuile
02-16-2006, 05:44 PM
hehe... :D excuse me.. I am going to explain:

I am developing an exam and all the information including questions and answers are into the XML. The fact is that this is a product, and my boss wants to keep all information securely.

Recently, We found a way to not caching the XML with java, sending the following information before the XML:


pw.println("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
pw.println("Cache-Control: no-store, no-cache, must-revalidate");
pw.println("Cache-Control: post-check=0, pre-check=0");
pw.println("Pragma: no-cache");


And it works...

Anyway, we still have doubts about the way the browser caches the information transfered between client and server. Or if there is a maxium amount of data to be transfered (and if it excedes the maxium, just shows the cached info), etc.

I don't know if this concern to this forum... so thanks anyway...

See you next time!

nitz

sleekdigital
02-16-2006, 05:48 PM
All that will do is keep the browser from re using the cached data, but it does actually still get cached. And it is certainly not secure. The user could just request the file with their browser and see all the data.