Monday, June 20, 2005

Securing client-side content: Flash files

I came across this little pickle about security and Flash files. Basically, since Flash is a wide open standard, anyone can easily grab your swf file and decompile it. Obfuscation works a little bit here, but a determined little bastard could eventually modify your source.

Of course someone could also just run your flash movie from their own server.

I came up with this little security table for some suggested guidelines in protecting our flash component.

Flash Security

| Threat | Suggested response |
|---|---|
| File could be stolen and hosted on another server | Come up with a dynamic encrypted key system -- the malicious users would have to know the scheme to get the file to unlock -- this is not 100% |
| File could be hotlinked from another server | Flash file will only allow paths from the same domain where the swf resides... this will ensure that no one will be able to hijack our swf and load their own XML file |
| File could be decompiled | Obfuscate the code |


What worries me is that none of these are 100% safeguards. They will deter the average evil-doer, but anyone smart & determined enough could steal our file and modify it.

Does anyone have any suggestions on improving what I have above?
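
The same-domain rule from the hotlinking row of the table, as an added example that is not part of the original post: it resolves the requested XML path against the movie's own URL and compares the parsed scheme, host and port exactly, which is stricter than a domain-only match. The function and variable names and the example.com / example.net URLs are assumptions made for the illustration.

```javascript
// Added example, not the blog author's code. The names below are assumptions.
// swfUrl: the URL the movie itself was served from.
// dataPath: the XML path the movie has been asked to load.
function isSameDomainPath(swfUrl, dataPath) {
  let base, target;
  try {
    base = new URL(swfUrl);
    // Resolve relative paths against the movie's own URL before comparing.
    target = new URL(dataPath, base);
  } catch (err) {
    return false; // unparseable input is refused, not guessed at
  }
  // Refuse anything that is not plain web content (data:, file:, ...).
  if (target.protocol !== "http:" && target.protocol !== "https:") return false;
  // Exact comparison of scheme + host + port on the parsed URL.
  // Substring or prefix matching on the raw string is what the
  // look-alike cases below would slip past.
  return target.origin === base.origin;
}

// Constructed sample inputs (example.com / example.net are placeholders).
const SWF_URL = "http://www.example.com/flash/player.swf";
const SAMPLES = [
  ["data/playlist.xml", true],
  ["/config.xml", true],
  ["http://www.example.com/config.xml", true],
  ["http://other.example.net/config.xml", false],
  ["//other.example.net/config.xml", false],
  ["http://www.example.com@other.example.net/config.xml", false],
  ["http://www.example.com.other.example.net/config.xml", false],
  ["data:text/xml,<playlist/>", false],
];

// Returns one result per sample so the outcome can be checked, not just printed.
function runSamples() {
  return SAMPLES.map(([path, expected]) => ({
    path,
    expected,
    allowed: isSameDomainPath(SWF_URL, path),
  }));
}

for (const r of runSamples()) {
  console.log((r.allowed ? "allow " : "refuse") + "  " + r.path);
}
```

Because this check ships inside the swf, it shares the limit the post describes: someone who decompiles and modifies the file can remove it.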