Hi Audry, Been in your situation quite a few times myself. My line of thought goes a little like this:
First off, there is NOTHING that cannot be cracked. You can only make it more difficult for the hacker. So it's not a question of 'secure' vs 'not secure', it's a question of 'how difficult do we want to make it for hackers to get to the data'. It may be appropriate to secure only against the casual hacker, or it may be that losing the data would mean the end of your company. It all depends on what you're securing. Since you mentioned art elements specifically, I would point out that all you need to steal art is the "print screen" button on the Windows keyboard. If you can see it on the screen, no matter what technology is being used to deliver it, you can capture it into a file and manipulate it to your liking. For art elements, I think that Flash is more secure than gif or jpg, simply because there's no "Right-click > Save Picture As". With regard to the "sign-in" functionality, this can be done securely through Flash, but only in combination with some server-side code. NEVER store a username/password in a SWF file. All authentication must be handled server-side. For login functionality, it's my belief that Flash can be as secure as a web page. Amayeta SWFEncrypt is a good product if you want to protect ActionScript from casual hackers. I tested it a few months back against the popular decompilers, and at that time it never failed. However, the people who make the decompilers are constantly updating their products to work against the obfuscators (like SWFEncrypt). Ultimately, whatever you put in a SWF can be extracted, if the cracker is motivated enough. This is true of all programs, however. Even Windows be decompiled and tinkered with. So it comes back to the value judgment... Is it worth paying a security expert tens or hundreds of thousands of dollars to make sure my data never falls into the wrong hands (as in the case of credit card numbers) or is a cheap software obfuscation program enough to protect it (as in the case of drawings that can be screen-captured anyway). Hope that helps. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Audry Taylor Sent: Wednesday, May 03, 2006 1:59 PM To: [email protected] Subject: [Flashcoders] Newbie & security issues? Hey everyone! I'm new here so just steer me in the right direction if I get off-topic without realizing it. I'm in the middle of convincing my company that we should include some fun Flash games on our company website using art elements from some original IPs. They're concerned that Flash can be cracked too easily, putting our art elements at risk of being stolen. Anybody got some arguments I can use to back up my faith in Flash? The other concern my bosses have is that since we want to add registration to our website so that members can have access to these free games, it's important to protect our member's personal info, even if it's just a nickname and password. If the member has to sign in inside a flash game, for example, is there a risk that their information could be stolen? Speaking of which, I've heard Amayeta SWF Encrypt is good. Can anyone vouch for it or do you know if it's been cracked by anyone? You guys are the hardcore coders so I figured you could help me come up with the most compelling answers to give my bosses. I have read about security issues on the Macromedia website and relayed that information to them already but they are still indecisive about this matter. In spite of some of its limitation, Flash is a really cool program. IMO. ^_^ Audry Taylor Creative Director Go! Comi http://www.gocomi.com _________________________________________________________________ Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ _______________________________________________ [email protected] To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com _______________________________________________ [email protected] To change your subscription options or search the archive: http://chattyfig.figleaf.com/mailman/listinfo/flashcoders Brought to you by Fig Leaf Software Premier Authorized Adobe Consulting and Training http://www.figleaf.com http://training.figleaf.com
