0

I'm using loadVars to load a PHP URL with lots of sensitive information required for the Flash application. Only problem is that URL can be accessed via a web browser which raises security issues if someone gets a hold of this URL. Is it possible to have the PHP page only accessible via my Flash application?

Appreciate the help!

Thanks

Wasim
  • 4,953
  • 10
  • 52
  • 87

3 Answers3

2

No, there is no way to limit a page to a specific app, browser or user agent, since all of those things can be mimicked. If you are passing around sensitive information then you need to do authentication and use encrypted data transfer (HTTPS).

PPrice
  • 2,243
  • 17
  • 12
1

Regardless of how you attempt to make it only accessible from your Flash application, a determined user will certainly be able to view the page also. It can be as simple as proxying the requests through an HTTP proxy like Charles, Firebug or Wireshark.

There are things that can be done to make it more difficult to figure out what the data is from viewing the page directly. For instance, you can encrypt the data or output it as binary. But since SWF is an open sourced format, users can use decompilers or just inspect the ABC (Actionscript Byte Code) to see what is really going on.

The short answer is NO, you cannot protect the information available to the client side (Flash) from being accessible from other clients.

sberry
  • 128,281
  • 18
  • 138
  • 165
  • What if I protect my swf with protection like Amayeta SWF Encrypt or DComsoft SWF Protector, i've been using the DComsoft one, but i've never really known if it's decrypt-able? – Wasim Aug 12 '11 at 16:44
0

As long as you have a page on HTTP, a determined user can always find a way around any user-agent restrictions imposed by you. One way to protect the data (other than using HTTPS) is to encrypt it at the server, send it over HTTP and then decrypt it in Flash using as3Crypto or some other cryptography library.

Hope this helps,

Pranav Hosangadi
  • 23,755
  • 7
  • 44
  • 70