The SWF file format is documented. The SWFDump utility will "decompile" it. A release version has more hidden variables than a debug version, but you can still pick it apart. There were code obfuscation tools for prior versions of SWFs that were done by third parties, but I don't know that they exist for AS3 yet. It wouldn't be too hard to write one, but you have to be sure that if you obfuscate protected or public things that no other swfs need those APIs.
If you're worried about reverse engineering, use as many private variables as possible and don't let debug or verbose-stacktrace versions get out in the wild. If you're worried about security, you need to implement authentication in your application. Most apps connect to servers and you can leverage that as a means of making sure nobody has doctored the SWF. That problem, however, isn't really that much different from someone spoofing your HTML-based site. ________________________________ From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Satish Kumar.M Sent: Friday, June 01, 2007 12:00 PM To: [email protected] Subject: [flexcomponents] curious to know about Flex component Decompiling? ActionScript 3 looks more like Java and SWF files have been decompiled since a long time... does it mean developing in Flex means potential chance for decompilation & concerns for security ??? When a Flex App is loaded in the browser, I assume it's a SWF file with all the mxml & Components together. Is it proven that Flex apps cannot be decompiled??? can some one shed light on this.. thanks Satish Boston, MA.
