[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Re: [cobalt-security]Maybe offtopic -- Flash encryption
- Subject: Re: [cobalt-security] Re: [cobalt-security]Maybe offtopic -- Flash encryption
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Mon, 14 May 2001 08:41:55 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
"Paul Gillingwater" <paul@xxxxxxxxxxx> wrote:
> This might be a little off-topic, but hope for tolerance since it's
> security-related. We're trying to find a way to pass information securely
from
> a Flash (Macromedia) client to a PHP script on the Cobalt server. Of
course, we
> can run this over SSL, but that's not the problem. We've seen indirect
evidence
> that users are disassembling the SWF file of the Flash program so they can
> determine the hash we used to sign information sent to the server. This
hash
> was used so that we could reject information not sent from our client --
> however, we can't find a cryptographic way to sign what we send, because
there
> are tools on the Internet to decode SWF files.
Other than managing projects with Flash content, I have little hands-on
experience with Flash, but this problem isn't specific to your Cobalt. I
suggest posting on a messageboard at www.flashkit.com and checking for info
there and perhaps posting on the php-general mailing list at www.php.net.
There are also very good Flash mailing lists at
http://chattyfig.figleaf.com/, http://www.chinwag.com/flasher and
mailto:FLASHmacromedia-subscribe@xxxxxxxxxxxxxxx (don't have exact URL
handy, but it's at yahoogroups).
> Any recommendations (off the list) would be gratefully received.
This is a public mailing list. It may be useful to others so I'm posting to
the list.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/