Typically you would host your player swf on www.superbokbok.com, and host all user swfs on userswfs.superbokbok.com. Then the user swfs cannot be malicious to your player swf, but they can be malicious to other user swfs. I don't know how the rules work for server configs, DNS and domain names, but I guess you could figure out a way to host each user swf on a separate subdomain.
________________________________ From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of superbokbok Sent: Thursday, August 07, 2008 6:07 PM To: [email protected] Subject: [flexcoders] Re: Checking swfs for malicious code! --- In [email protected] <mailto:flexcoders%40yahoogroups.com> , "Alex Harui" <[EMAIL PROTECTED]> wrote: > If you load > from the same domain, it can do anything it wants. > This is our main concern at the moment, as the user would upload their custom animation swf to our server. Our player, located on the same server, would then load this custom swf on top of any other content. Our intent was to try and scan the uploaded swf for any content that might be harmful and if there isn't any, let it proceed to be used in our flex app(vid player). Another idea I had was to build a Template component that has a few common methods needed for the player. This Template component could load a custom users swf into it, but, the Template component restricts the type of methods that can be called(eg it would disallow navigateToUrl, loadSound, etc...) Is this even possible? I mean, is it possible for a custom component or custom swf to restrict loaded content from executing certain functions? cheers erick
