Flex is essentially a massive Actionscript framework... so yes, if the bytecode in a swf can be decompiled (which it can) then it wouldn't be hard to see any of the Actionscript code in it.
There is a way using Flex Data Services to only allow a swf delivered from the application server to access content on that service. Because FDS can compile the swf to deliver it has some unique control over the structure of the swf and thus can tell if it is "hacked" or not authentic. I would look in this direction. --- In [email protected], "Kevin Schmidt" <[EMAIL PROTECTED]> wrote: > > > I know you can decompile Flash movies, however, I am equally curious if you can decompile Flex apps. > > Anyone able to shed light on this? > > Kevin > > ---------------------------------------- > > Hi all, > > Being new to the Flex/Flash world... > > I'm looking to secure our WSs so that only our SWFs can call them, in > > a non-proxied configuration. > > I'm thinking of placing some auth. token in the SWF that gets sent > > with all the requests. > > Can the .swf format be decompiled in any meaningful way, rendering > > this technique useless..? > > If so how, and what would be another simple approach..? > > Many thanks. > > Paul >
