Re: [cobalt-security] Re: [cobalt-security]Maybe offtopic -- Flash encryption

["Steve Werby" <steve-lists@xxxxxxxxxxxx>]

"Paul Gillingwater" <paul@xxxxxxxxxxx> wrote:
> This might be a little off-topic, but hope for tolerance since it's
> security-related.  We're trying to find a way to pass information securely
from
> a Flash (Macromedia) client to a PHP script on the Cobalt server.  Of
course, we
> can run this over SSL, but that's not the problem.  We've seen indirect
evidence
> that users are disassembling the SWF file of the Flash program so they can
> determine the hash we used to sign information sent to the server.  This
hash
> was used so that we could reject information not sent from our client --
> however, we can't find a cryptographic way to sign what we send, because
there
> are tools on the Internet to decode SWF files.

Other than managing projects with Flash content, I have little hands-on
experience with Flash, but this problem isn't specific to your Cobalt.  I
suggest posting on a messageboard at www.flashkit.com and checking for info
there and perhaps posting on the php-general mailing list at www.php.net.
There are also very good Flash mailing lists at
http://chattyfig.figleaf.com/, http://www.chinwag.com/flasher and
mailto:FLASHmacromedia-subscribe@xxxxxxxxxxxxxxx (don't have exact URL
handy, but it's at yahoogroups).

> Any recommendations (off the list) would be gratefully received.

This is a public mailing list.  It may be useful to others so I'm posting to
the list.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/