I'm trying to come up with a more secure method of password protection than simply comparing an input text field with a predetermined password.

The client want to be able to prevent the user from sharing the application with others on different computers.

Is there a way for Flash to detect a computer's serial number, or other unique ID?

Something similar to:

myButton.onRelease=function(){
computer = System.capabilities.os;
trace(computer);
}

I'm intrigued with the above System.capabilities.os function, but that just spits out the user's OS version, and this approach needs something more unique.

Any ideas?

set some unique values in it and then have flash check if the values in the object are valid.

this could be easily circumvented but without decompiling i don't know that the user would ever check for it. Not sure how secure your project would need to be.


I believe that you can password protect a swf file as well

Thanks for the suggestion, but could you give a little more detail?

I'm not sure how simply setting some unique values would prevent a user from giving the movie to the person in the next office along with the password.

I'm trying to find a way to get some unique info off of the original user's computer so that a serial number can be generated, (if necessary, we'll have the purchaser call us for a password that reflects in some way this unique identifier).

I'm sure Flash's Shared Object will come into play, setting a cookie.

Is there a way to obtain the Shared Object's path perhaps?

I figured out a solution!

While it's not quite as unique as a computer's serial number, this should work well...

The trick will be to generate a code that's made up of seemingly random letters and numbers, but actually, it's made up of the client's initials, lucky numbers, etc. mixed in with today's date (retrieved via getDate() ).

That way, when the purchaser calls in to register the product, the client knows exactly what to recite as their password. The purchaser enters the password right then while the client is still on the phone, and that password is stored as a shared object on the purchaser's computer, allowing them continued access on that computer.

If the purchaser makes a copy for a friend for use on another computer, the same password will not work, assuming it's a different date.

One could make that time window even tighter by incorporating the time into the date as well, but then the client would need to keep in mind the caller's time zone, if their clock is accurately set, etc., (which may be a bit much for this client).

Not perfect, but until I find a way to discover the user's computer's serial number or other unique identifier, this should work nicely.