Securing client-side content: Flash files
Monday, June 20 2005
I came across this little pickle about security and Flash files. Basically, since Flash is a wide open standard, anyone can easily grab your swf file and decompile it. Obfuscation works a little bit here, but a determined little bastard could eventually modify your source.
Of course someone could also just run your flash movie from their own server.
I came up with this little security table for some suggested guidelines in protecting our flash component.
| Flash Security | |
| Threat | Suggested response |
| File could be stolen and hosted on another server | Come up with a dynamic encrypted key system -- the malicious users would have to know the scheme to get the file to unlock -- this is not 100% |
| File could be hotlinked from another server | Flash file will only allow paths from the same domain where the swf resides... this will ensure that no one will be able to hijack our swf and load their own XML file |
| File could be decompiled | Obfuscate the code |
What worries me is that none of these are 100% safeguards. They will deter the average evil-doer, but anyone smart & determined enough could steal our file and modify it.
Does anyone have any suggestions on improving what I have above?
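
The same-domain rule from the table, sketched as an added example that is not part of the original post: the logic is written in JavaScript rather than the movie's own ActionScript, and `SWF_URL`, the function names and the sample paths are constructed for illustration. It compares a host-prefix test with an exact origin comparison, since the prefix form accepts look-alike hosts.

```javascript
// Added example: decide whether an XML path handed to the movie may be loaded.
// SWF_URL and every sample path below are constructed values.

// Naive check: string prefix on the host. Shown because it is the usual mistake.
function naiveIsSameDomain(swfUrl, dataPath) {
  const host = new URL(swfUrl).host;
  return dataPath.startsWith("http://" + host) ||
         dataPath.startsWith("https://" + host);
}

// Stricter check: resolve the path against the movie's own URL, then require
// scheme, host and port to match exactly.
function isSameOrigin(swfUrl, dataPath) {
  let base, target;
  try {
    base = new URL(swfUrl);
    target = new URL(dataPath, base); // relative paths resolve against the movie
  } catch (e) {
    return false; // unparseable input is rejected
  }
  if (target.protocol !== "http:" && target.protocol !== "https:") return false;
  return target.origin === base.origin;
}

const SWF_URL = "https://media.example.com/player/movie.swf";
const samples = [
  "config.xml",                                      // relative to the movie
  "/data/config.xml",                                // absolute path, same host
  "https://media.example.com/data/config.xml",       // full URL, same origin
  "https://media.example.com.evil.test/config.xml",  // look-alike host suffix
  "https://media.example.com@evil.test/config.xml",  // host hidden behind userinfo
  "//evil.test/config.xml",                          // protocol-relative URL
  "http://media.example.com/data/config.xml",        // same host, different scheme
];

// Run both checks over every sample and return the verdicts side by side.
function checkAll() {
  return samples.map((path) => ({
    path,
    naive: naiveIsSameDomain(SWF_URL, path),
    strict: isSameOrigin(SWF_URL, path),
  }));
}

for (const r of checkAll()) {
  console.log(`${r.path}\n  naive=${r.naive} strict=${r.strict}`);
}
```

Because the check ships inside the swf, it sits in the same "not 100%" category as the rest of the table: someone who decompiles the file can remove it.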

