My understanding is this: there is nothing to stop you from passing encrypted values via the addVariable method provided that your SWF has the internal logic to process and decrypt said values. If the intent is to provide obfuscation/protection to random individuals who might snoop for whatever reason, then getting an SSL certificate is probably a better investment of your time and energy. If you are looking to obfuscate data so that the end-user can't look at what you are doing, then it seems like you would be better off creating some sort of obfuscation/server side script that gets sent tokens and some form of shared secret that only the valid user and the server side script would know (via session variables for example). The SWF file would have access to those same tokens in theory, so the only chatter that would contain the "real" variables in the clear would be the chatter between the SWF file/local javascript and the server side page. Slap SSL on that so a local port sniffer can't circumvent your logic and you would be good to go.
But as I understand it, you'd have to come up with some sort of third actor means to make sure that the messages/variables you are interested in hiding remain hidden. True protection is nontrivial in my opinion. Maybe there are some google sources to confer with on that front. Most of the time, all we get away with is glorified obfuscation of the data to prevent the casual user from seeing what they shouldn't see. A determined hacker would laugh at most of the ways we protect our data as many times, hacking in other directions (i.e. the physical machine, simple passwords, etc.) is an easier way to get to data. Vincent On Tue, Nov 16, 2010 at 12:36 PM, Jay Jennings <[email protected]>wrote: > Is it possible to Encrypt your so.addVariable 's? If so what is the > recommended way of doing so. > > Or would it be possible to pass a list of so.addVariables in as an > encrypted xml file? > > Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "SWFObject" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<swfobject%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/swfobject?hl=en. > > -- You received this message because you are subscribed to the Google Groups "SWFObject" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/swfobject?hl=en.
