[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Re: [cobalt-security]Maybe offtopic -- Flash encryption
- Subject: [cobalt-security] Re: [cobalt-security]Maybe offtopic -- Flash encryption
- From: Paul Gillingwater <paul@xxxxxxxxxxx>
- Date: Mon, 14 May 2001 07:47:22 +0200 (CEST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
This might be a little off-topic, but hope for tolerance since it's
security-related. We're trying to find a way to pass information securely from
a Flash (Macromedia) client to a PHP script on the Cobalt server. Of course, we
can run this over SSL, but that's not the problem. We've seen indirect evidence
that users are disassembling the SWF file of the Flash program so they can
determine the hash we used to sign information sent to the server. This hash
was used so that we could reject information not sent from our client --
however, we can't find a cryptographic way to sign what we send, because there
are tools on the Internet to decode SWF files.
Any recommendations (off the list) would be gratefully received.
*********************************
Paul Gillingwater
Managing Director
CSO Lanifex Unternehmensberatung
& Softwareentwicklung G.m.b.H.
NEW BUSINESS CONCEPTS
E-mail: paul@xxxxxxxxxxx
Mobile: +43/699/1922 3085
Webhome: http://www.lanifex.com
Address: Praterstrasse 60/1/2
A-1020 Vienna, Austria
*********************************