Hmmm..that sounds like a good plan. The userswfs would never interact
with each other, or run by themselves for that matter. They'd only
serve to be loaded into a main player. I'll give it a whirl and see
what I can come up with. Thx again ;)
Btw, in regards to checking swfs for malicious code, I did find this
which was interesting but didn't serve our needs due to it being for
flash 8/AS2:
https://www.owasp.org/index.php/Category:SWFIntruder

erick
>
> Typically you would host your player swf on www.superbokbok.com, and
> host all user swfs on userswfs.superbokbok.com.  Then the user swfs
> cannot be malicious to your player swf, but they can be malicious to
> other user swfs.
>  
> I don't know how the rules work for server configs, DNS and domain
> names, but I guess you could figure out a way to host each user swf on a
> separate subdomain.
> 
> ________________________________
> 
> From: [email protected] [mailto:[EMAIL PROTECTED] On
> Behalf Of superbokbok
> Sent: Thursday, August 07, 2008 6:07 PM
> To: [email protected]
> Subject: [flexcoders] Re: Checking swfs for malicious code!
> 
> 
> 
> --- In [email protected] <mailto:flexcoders%40yahoogroups.com>
> , "Alex Harui" <aharui@> wrote:
> > If you load
> > from the same domain, it can do anything it wants.
> > 
> This is our main concern at the moment, as the user would upload their
> custom animation swf to our server. Our player, located on the same
> server, would then load this custom swf on top of any other content.
> 
> Our intent was to try and scan the uploaded swf for any content that
> might be harmful and if there isn't any, let it proceed to be used in
> our flex app(vid player).
> 
> Another idea I had was to build a Template component that has a few
> common methods needed for the player. This Template component could
> load a custom users swf into it, but, the Template component restricts
> the type of methods that can be called(eg it would disallow
> navigateToUrl, loadSound, etc...)
> 
> Is this even possible? I mean, is it possible for a custom component
> or custom swf to restrict loaded content from executing certain
> functions?
> 
> cheers
> erick
>


Reply via email to