Home Tutorials Forums Articles Blogs Movies Library Employment Press
Old 02-20-2003, 06:31 PM   #1
kreso2
Registered User
 
Join Date: Jan 2002
Posts: 67
Default Quiz questions not for public

Hello!

I am making this quiz in flash, actually I already made it for this big firm which would then put it onto their portal and give away valuable prizes. All of the questions are stored on local server and should be then in run-time inserted into flash.

My question is: What is the best way of protecting the questions (because along with the questions come the answers, too)? So one can not load all of my questions and answers.

I am really new to all this security things so any help is apriciated!


Kind regards,


kreso2
kreso2 is offline   Reply With Quote
Old 02-20-2003, 08:20 PM   #2
CyanBlue
Super Moderator
 
CyanBlue's Avatar
 
Join Date: Jan 2002
Location: Centreville, VA
Posts: 26,666
Default

Howdy... Welcome aboard...

I am not sure how to go about this, but I think you will need to explain some more about what you said,
Quote:
All of the questions are stored on local server and should be then in run-time inserted into flash.
You have to tell how the questions are stored... Are you feeding the questions one by one from the server script language or are you reading the content of the text file or some other way??? I think the answer could vary a lot depending on how you have set it up...
__________________
CyanBlue / Jason Je / Macromedia Certified Flash Developer & Designer
http://CyanBlue.FlashVacuum.com
http://www.FlashVacuum.com
http://tutorials.FlashVacuum.com

Do NOT PM, Email or Call me... Your question belongs right in this forum...
CyanBlue is offline   Reply With Quote
Old 02-21-2003, 07:43 AM   #3
kreso2
Registered User
 
Join Date: Jan 2002
Posts: 67
Thumbs up thanks

well the thing is that they will let me choose what ever system I prefer. They asked me in which one do I want. I thought sql to be most usable one. But, then again they will only provide me with database so I will have to figure out flash communication with middleware (php or something like that maybe - I really don't know - I hope you will note that) which will then communicate with their database.
That means I can tell them to make a database how ever I want.


Thanks again,


kreso2

Last edited by kreso2; 02-21-2003 at 07:48 AM.
kreso2 is offline   Reply With Quote
Old 02-21-2003, 06:08 PM   #4
CyanBlue
Super Moderator
 
CyanBlue's Avatar
 
Join Date: Jan 2002
Location: Centreville, VA
Posts: 26,666
Default

Um... Okay... Since nobody is answering you... YO... EXPERTS!!! WHERE ARE YOU???

This is what I think...
I'd use something like PHP and MySQL to retrieve the data from the database back to Flash... I'll use LoadVars object three times to get the data though...

Once to call a PHP file that will generate a quiz based on the database, and saves it into the text file with the random file name, and this name will be returned back to Flash...

Once to call a text file based upon the random file name that I have just gotton from the first PHP call...

Once to call another PHP file that will delete the text file that has been created in the first place...

I don't know how much this can be helpful to you, but I'm just throwing you some ideas...
__________________
CyanBlue / Jason Je / Macromedia Certified Flash Developer & Designer
http://CyanBlue.FlashVacuum.com
http://www.FlashVacuum.com
http://tutorials.FlashVacuum.com

Do NOT PM, Email or Call me... Your question belongs right in this forum...
CyanBlue is offline   Reply With Quote
Old 02-21-2003, 07:44 PM   #5
littleRichard
Registered User
 
littleRichard's Avatar
 
Join Date: Feb 2003
Location: Florida
Posts: 289
Default

I don't really see how a temp file solves anything. all i'd have to do is decompile the swf to see exactly whats going on and hit the php pages accordingly through a browser window.

I'm not sure what you're asking for help with exactly. are you trying to keep people from hacking the correct answer? The first thing i would point out is that you definately should not send the answers to flash. just send the questions and then return the users answer back to the server for validation.

do people have to go through some sort of login before they get to the question?
littleRichard is offline   Reply With Quote
Old 02-21-2003, 09:06 PM   #6
CyanBlue
Super Moderator
 
CyanBlue's Avatar
 
Join Date: Jan 2002
Location: Centreville, VA
Posts: 26,666
Default

Howdy, littleRichard...
Quote:
I don't really see how a temp file solves anything. all i'd have to do is decompile the swf to see exactly whats going on and hit the php pages accordingly through a browser window.
That's what I am trying to prevent by using the temp file... You can decompile the SWF file, and get the name of the PHP file out of it, but you cannot get the name of the temporary text file by doing that... That's why I suggested of using LoadVars to get the temporary text file name from the server and then use LoadVars() again to get the actual content of the questions...

I think how to prevent the SWF files from being cached has been dealt several times... You might want to do some searching on the forum on how to protect the flash movie and such to get more information... and don't forget to share the link when you find something because I am too lazy to search...
Quote:
The first thing i would point out is that you definately should not send the answers to flash. just send the questions and then return the users answer back to the server for validation.
Yup... Exactly...
Quote:
do people have to go through some sort of login before they get to the question?
I believe so... kreso2 mentioned that his/her client will give away the prizes which usually requires the personal information... Speaking of which... Can you upload that database to the forum so that we could share all the surprising prizes???
__________________
CyanBlue / Jason Je / Macromedia Certified Flash Developer & Designer
http://CyanBlue.FlashVacuum.com
http://www.FlashVacuum.com
http://tutorials.FlashVacuum.com

Do NOT PM, Email or Call me... Your question belongs right in this forum...
CyanBlue is offline   Reply With Quote
Old 02-22-2003, 02:31 PM   #7
kreso2
Registered User
 
Join Date: Jan 2002
Posts: 67
Default

hey guys and gals,


CyanBlue - I like this idea with PHP but I think, like littleRichard said - everyone can decompile swf and see which scripts do the app call upon and then use simple browser window to start my php script and it will work like they (mean, nasty hackers) are using my app and get all the answers.

littleRichard: I must validate answers realtime - The reason is that this quiz is a remake of a TV version which is very popular in my country so it must work exactly like the TV version. When a person gives a correct answer the answer must blink that instant and proceed to the next one depending if the answer was correct or not. I can't get all the answers and then just send them to see how many were answered correctly and also I can't wait couple of secs. to validate single answer either.

All players will have to go through a login process.

Maybe this idea of yours, CyanBlue, could work if only PHP files could be restricted to work only if they were called from a file on my server - but I guess the SWF (app) file is in cache on local computer when it is run so it wont work either?

Or maybe I could use SSL - I have seen it mentioned couple of times when security was involved and I don't know how it works but probably it is best to figure out a unique security system ... just throwing in some ideas..

I don't believe that nobody came across this kind of problem so far and that it is unsolvable!


Thank you all for your help, I hope we will figure out something!



kreso2


P.S. CyanBlue - as for those questions go public - I am not authorized to see them but -> after we figure out a security system we will brake it and have the questions for our disposal
kreso2 is offline   Reply With Quote
Old 02-22-2003, 04:17 PM   #8
butterbur
Barman
 
butterbur's Avatar
 
Join Date: Aug 2002
Location: UK (the shires)
Posts: 113
Send a message via ICQ to butterbur
Default

Can anyone tell me the name of the file this script gets it's questions from?
My quiz

I'm new to actionscript and would like to know how vurnerable it really is.
butterbur is offline   Reply With Quote
Old 02-22-2003, 05:38 PM   #9
kreso2
Registered User
 
Join Date: Jan 2002
Posts: 67
Default

I believe it is pat.php

I used program named 'SWF Decompiler' to see this.


kreso2
kreso2 is offline   Reply With Quote
Old 02-22-2003, 06:06 PM   #10
butterbur
Barman
 
butterbur's Avatar
 
Join Date: Aug 2002
Location: UK (the shires)
Posts: 113
Send a message via ICQ to butterbur
Default

Hmmm.
You're right. I'm gonna have to have a rethink.
Regards
Martin
butterbur is offline   Reply With Quote
Reply


Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:25 AM.

///
Follow actionscriptorg on Twitter

 


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Ad Management plugin by RedTyger
Copyright 2000-2013 ActionScript.org. All Rights Reserved.
Your use of this site is subject to our Privacy Policy and Terms of Use.