Glen Pike skriver:
Hello,
The parameters that you pass to the SWF in your HTML are different to
communicating with a back-end system.
If you look at URLLoader in actionscript. This enables you to load data
as you would load a web-page.
You would use URLLoader with your server-side code, e.g. PHP to do GET
and POST type requests:
This way, your users cannot "inject" their own date and it is also
possible to have "login" type facilities.
You clearly haven't heard of HTTP request sniffers. With something like
Fiddler <http://www.fiddler2.com/> I can easily override the reply from
any server.
And no, SSL does not help there. I can authorize any certificate
authority I feel like, including my own one.
And for any other checksum/validation I can always just edit the swf
file to skip the check.
In the end it is the same ages old trusted client problem. You just
can't protect code that runs on the client.
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
