If you load content from another domain or sub-domain, it is loaded into a secure sandbox and can't really do anything malicious. If you load from the same domain, it can do anything it wants. If you load content from another domain or sub-domain, and another piece of content from that same "other domain or sub-domain", those two SWFs can cross-script each other, so loading one at a time is best. Until FP10, you cannot force unload content so evil content could appear to unload but hang around to do evil things to the next content loaded.
________________________________ From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Laurent Cozic Sent: Thursday, August 07, 2008 2:13 AM To: [email protected] Subject: Re: [flexcoders] Checking swfs for malicious code! I don't think you need to worry about security for loaded contents. The Flash player does that very well already and there's probably no way a Flash file could do anything malicious. -- Laurent Cozic Flash, Flex and Web Application development http://pogopixels.com <http://pogopixels.com> --- On Thu, 8/7/08, superbokbok <[EMAIL PROTECTED]> wrote: From: superbokbok <[EMAIL PROTECTED]> Subject: [flexcoders] Checking swfs for malicious code! To: [email protected] Date: Thursday, August 7, 2008, 8:45 AM Don't know if this is the right place for this, but thought I'd throw out the question before I dive headlong into building something that isn't do-able. Basically, I'm building a video player that would allow flash authors to create their own video/photo/ game and upload to a server. My app would then take this and use it within the Main video player as they please. The concern my client has is that the swf's that are uploaded(AS3) may contain malicious code that might affect other users/websites etc... The main video players is built in Flex while the uploaded vids are done in Flash. Is there any way, other than decompiling swfs and checking the code, to determine if the code is in fact malicious from a swf? cheers erick
