SitePoint Sponsor

User Tag List

Results 1 to 8 of 8

Hybrid View

  1. #1
    SitePoint Enthusiast
    Join Date
    Oct 2001
    Location
    Gold Coast
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Sensitive content

    Hi I would like some advice on a security issue. The proposed development requires that very sensitive information be housed in Flash files.

    This of course will all be password-protected access to the flash files. Now the main issue is the flash file will be cached on the computer, which is a potential security issue. If an unauthorised person has access to the computer and leaks the contents of the file this will have legal ramifications.

    Is there a way to secure it so this is not possible or would streaming the content be a possibility?

    Open to all suggestions
    ___________________________________________________________

    Website - www.citrusmedia.biz
    ___________________________________________________________

  2. #2
    SitePoint Member
    Join Date
    Aug 2002
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could make it read from a file... so it wont work unless its placed in the right folder on your webserver and the user has access...

  3. #3
    SitePoint Enthusiast
    Join Date
    Oct 2001
    Location
    Gold Coast
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How do you restrict it to the right folder on the webserver?
    ___________________________________________________________

    Website - www.citrusmedia.biz
    ___________________________________________________________

  4. #4
    SitePoint Zealot webQS's Avatar
    Join Date
    Oct 2002
    Location
    Sydney : Australia
    Posts
    144
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi

    As a Flash developer I avoid placing any sensitive content in a Flash file. Simply because it's a standalone file that can be saved to the local hard disk.

    A thread above talks about Flash decompliers, that's one way of finding info in a SWF file. Another is to open the file in Notepad and see what can be seen amongst all the binary stuff (like hyperlinks).
    Storing sensitive info in a SWF file is a bit like storing Credit Card no's in a linked Javascript file.

    Flash's inherent security sandbox model is helpful here... basically a Flash movie can only load information from scripts and files in it's own domain - this means the same local filesystem or the same domain.
    So storing sensitive info in a database for instance utilises the inherent security of the web server and database server... and if a Flash movie is downloaded to the local file system, it cannot access the remote webserver.

    What type of content are you storing?

    HTH
    James

  5. #5
    SitePoint Enthusiast
    Join Date
    Oct 2001
    Location
    Gold Coast
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Basically the information is "New product" information that can only be seen by stakeholders. This information cannot be viewd by anyone else. So I was thinking that (if possible) the images and text were loaded in such a fashion as you suggest then the swf could not be distributed. How would I go about finding more information on this?
    ___________________________________________________________

    Website - www.citrusmedia.biz
    ___________________________________________________________

  6. #6
    SitePoint Zealot webQS's Avatar
    Join Date
    Oct 2002
    Location
    Sydney : Australia
    Posts
    144
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey

    You can load in dynamic images to a Flash movie using

    clipName.loadMovie("image.jpg", POST);

    and the text could be loaded in using a basic loadVars script (or loadVariables for Flash Player 5).

    When the Flash movie is moved out of the domain holding the loadable content it will not be able to load that content in (it's outside the 'sandbox'), also the content will remain on the server and not be attached to the SWF.

    Try a search on google, or here, for these keywords..

    HTH
    James

  7. #7
    SitePoint Enthusiast
    Join Date
    Oct 2001
    Location
    Gold Coast
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The way a flash player operates is that when it is loaded from a server through a browser, it is locally stored in the temporary internet files. This is how flash streaming and playing works. The movie you see in the browser is not directly from the server, it is the local copy stored in the cache.

    When dynamically loading the data into a master SWF movie, if the master file is opened from the local machine (or the cache), it will still load in the sub-content it requires from the server. This is because the master file has not really been 'moved off' the server, it still recognises the server as being its host domain, and therefore loads in any flash content it requires from that specific domain. If this was not the case, then flash would not dynamically load any content at all.
    This is an argument that I have had towards this proposal, what do you think
    ___________________________________________________________

    Website - www.citrusmedia.biz
    ___________________________________________________________

  8. #8
    SitePoint Addict LiveTronix's Avatar
    Join Date
    Sep 2001
    Location
    Vancouver
    Posts
    370
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Flash Remoting. Very Secure. Plus check for some directory structures. Load a file in that has to be present (load the filename from a database).


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •