If you are worried about the client accessing your data outside of the
player, that you just have to live with it; for, if someone is good
enough they will find a way.
For example:
-If you are using the browser's ssl capability, I would just create a
proxy for the browser(thanks for the slap on the head Dave).
if you encrypt it directly from the flash player that is a little safer;
yet:
-If you generate the swf and the keys are in the swf when downloaded,
the swf can be decompiled and the keys easily found.
-If you are generating the keys on the fly in the swf, you have to worry
about a person that can spy on variables in memory.
There is a way where you encrypt variables in memory; yet, there is
still that instance where the data is in open text before being
translated and then encrypted.
Security in flash doesn't really exist; however, you can put so many
hurdles that would take a hacker forever, and forcing them to lose
interest; yet, persistence and resistance are tied hand to hand so that
thinking could backfire.
The only real security exists for languages on machines that randomly
generate keys at the hardware level and the code that runs on them is
deciphered at runtime; yet, you would also need several incorruptible
and extremely heavily armed guards making sure that a hardware engineer
doesn't get within 10 miles of it; however, cut off their food/air
supply and you have access to the machines.
If you are at an end point you have access to the data.
Waiting for Dave to rip into my post,
Anthony
webmastermack wrote:
I should have mentioned that I am also using a SSL certificate to encrypt
traffic to and from the site. Doesn't this deter packet sniffers?
-Webmastermack
--------------------------------------------------
Yes, but it can easily be viewed as it's coming across the wire using
packet sniffers or other similar tools.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
