WebApp Sec mailing list archives

Re:Flash sites

From: "leorl" <leorl () uol com br>
Date: Wed, 3 Sep 2003 15:03:02 -0300

Hi! I've worked with Flash from
sometime and what I know is that
there's no 'secure' flash file, as
anyone can disassemble it.
This is a pain to any Flash developer
and makes us think that anyone can
steal our job...
I guess this is a concern in auditing
flash sites, because if you have a
form of any kind or any other retrival
inside flash, someone can see it.
Maybe you could do some backend
security to increase your 'safety', as
requiring the request for a certain
info to be from the same host, but I
don't know that part...

Hope this helps. Please reply and
correct me!

Leo.

Hello all,

If a web site contains only flash files and has no
write permissions to modify those flash files, no
default files or other potentially dangerous scripts
can we say that is the "safest" form of a web site ?

Are there any other concerns in auditing a flash based
site ?

Thanks

John

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com



---
Acabe com aquelas janelinhas que pulam na sua tela.
AntiPop-up UOL - É grátis!
http://antipopup.uol.com.br

Current thread:

Re: Flash sites, (continued)
- Re: Flash sites Thomas Chiverton (Sep 04)
- Re: Flash sites RSnake (Sep 04)
- Re: Flash sites Max Moser (Sep 04)
  - Re: Flash sites RSnake (Sep 04)
- Re: Flash sites Jean-Jacques Halans (Sep 04)
- Re: Flash sites Jeremiah Grossman (Sep 04)
  - Re: Flash sites ADex (Sep 06)
- RE: Flash sites Nick Duda (Sep 03)
  - RE: Flash sites Mathew C. Beckman (Sep 04)
- RE: Flash sites Piet Carpentier (Sep 04)
- Re:Flash sites leorl (Sep 04)
- FW: Flash sites GRIFFITHS ian (Sep 05)