On Jan 7, 2006, at 1:28 PM, John Grden wrote: > "Actually, you can only guarantee security if you don't publish the > SWF" > > I think some are missing what I've been saying becuase, this is > EXACTLY what I've been saying: no URL / Password/ Username /IP > would be published with any SWF at all. > > You have a dumb connector and you have an interface. They talk via > localConnection. > > If you tell your application to load the connector SWF, and the > file DOES exist, it loads. Otherwise, if fails silently. > > How does the app know where to get the connector SWF? YOU tell it > through the interface (Xray interface where you take snapshots - > physically type it in), which tells your application the URL for > the connector. > > So, there's no information that's published in any swf at all. If > someone caches your SWF's and views them with ASV, they get nada/ > nothing. The developer has to know the URL of the connector or > it's all over. > > So, no proprietary information is ever in any of the SWF's.
If there's no proprietary information, then why do you care if they can hook into it with Xray? They're going to be able to if they really want to, the SWF format is well known and it takes a few minutes to inject a few actionscript blocks into an existing SWF. All this indirection seems silly. -bob _______________________________________________ osflash mailing list [email protected] http://osflash.org/mailman/listinfo/osflash_osflash.org
