Hmmm..that sounds like a good plan. The userswfs would never interact with each other, or run by themselves for that matter. They'd only serve to be loaded into a main player. I'll give it a whirl and see what I can come up with. Thx again ;) Btw, in regards to checking swfs for malicious code, I did find this which was interesting but didn't serve our needs due to it being for flash 8/AS2: https://www.owasp.org/index.php/Category:SWFIntruder
erick > > Typically you would host your player swf on www.superbokbok.com, and > host all user swfs on userswfs.superbokbok.com. Then the user swfs > cannot be malicious to your player swf, but they can be malicious to > other user swfs. > > I don't know how the rules work for server configs, DNS and domain > names, but I guess you could figure out a way to host each user swf on a > separate subdomain. > > ________________________________ > > From: [email protected] [mailto:[EMAIL PROTECTED] On > Behalf Of superbokbok > Sent: Thursday, August 07, 2008 6:07 PM > To: [email protected] > Subject: [flexcoders] Re: Checking swfs for malicious code! > > > > --- In [email protected] <mailto:flexcoders%40yahoogroups.com> > , "Alex Harui" <aharui@> wrote: > > If you load > > from the same domain, it can do anything it wants. > > > This is our main concern at the moment, as the user would upload their > custom animation swf to our server. Our player, located on the same > server, would then load this custom swf on top of any other content. > > Our intent was to try and scan the uploaded swf for any content that > might be harmful and if there isn't any, let it proceed to be used in > our flex app(vid player). > > Another idea I had was to build a Template component that has a few > common methods needed for the player. This Template component could > load a custom users swf into it, but, the Template component restricts > the type of methods that can be called(eg it would disallow > navigateToUrl, loadSound, etc...) > > Is this even possible? I mean, is it possible for a custom component > or custom swf to restrict loaded content from executing certain > functions? > > cheers > erick >
