I’ve been seeing a few articles here and there about obfuscating SWFs so that people don’t steal your work and run your app somewhere else. Primarily games from what I’ve experiences/read/seen. Now, while using some particular software to do that to your SWF files is probably a good idea I couldn’t help but think that I rarely think about that anymore.
The main reason that kind of security doesn’t cross my brain as much is because most of our work is either with Flash Media Server or Wowza Media Server. In such a case, we are always looking to tie into the client side some server side stuff too. When you do that, you can offload a bunch of logic to the server side.
For example: Say you are building a game that allows you to roam around as an avatar. You need to talk to other people and go between rooms. Instead of handling this kind of stuff client side with calls to a database directly from the SWF, you instead can make those calls from the server side coding on FMS or WMS to the database, and of course even incorporate a bunch of logic on the server side. To explain the logic part, take for example the idea that you might want to format and logic check any messages that people are sending to each other. Like a child friendly filter maybe, or a spam filter that removes links or even those pesky people that just put in jibberish to fill up a whole chat area to piss everybody off. Those bits of logic can all be put on the server side.
In turn, what you have here is the ability to make your SWF completely reliant on making that connection to one of the media servers (there are more than FMS and WMS of course, Smartfox Pro and Electroserver are both great candidates for this too) to get some of its logic from. Without it, the app just doesn’t work.
The great thing about the server side code, whether it’s just text files (asc files) for FMS or JAR files for WMS, they’re not downloadable and are never seen by the client. Safe and secure and you don’t need to worry about obfuscating them at all, unless you are selling and don’t want people to copy pieces out of them maybe..
Anyways, it’s something that maybe a not a lot of people have thought of and I thought I would throw it out there. Learning server side coding can be a pain at first, and wrapping your head around that kind of logic process can take a bit of time, but it’s well worth it.
With that, it’s important to also note that both servers have their own security abilities in place. FMS can deny connections to recompiled SWF files and WMS can serve your SWF straight from Wowza itself. You can limit which domains can connect to your server or even down to the nitty gritty IP addresses. That doesn’t count the coding that you can do to check with a database for when somebody logs in and so forth. So much more powerful than just client side coding.