[F8] Secure sendAndLoad???

**itsallgood** · 08-19-2008, 05:12 AM

Hi guys,

I'm just needing to check what is the best way to make sendAndLoad secure.

I am making a flash app that intergrates with PHPBB forum -- so i could pass the flash app the "SID" which is unique to the person logged in.

I also know if the person is logged in or not -- otherwise the page redirects also using the PHPBB methods.

If i give the flash app _root.SID = SID (from the page it's on, using AC_FL_RunContent)

Could i then post this SID to the php to compare it with the current logged in users SID.

I know how to do all the above -- but is it a good way to insure the flash is being run on my site?

If this looks like total bs - can someone please explain the best way to send scoreboard info without it being hackable.

Many thanks!

Cheers.

**whispers** · 08-19-2008, 11:39 AM

move to scripting and backend where I think you'll get better responses form someone who has experience in security issues and sending data.

**itsallgood** · 08-19-2008, 03:25 PM

Cheers whispers!

Hopefully somone will know what i'm trying to do!

Thanks again.

**Musicman** · 08-20-2008, 12:47 AM

Hi,

is your goal to prevent wrong people from submitting information, or is it rather to prevent the right people (logged-in players) from submitting false information?

Musicman

**itsallgood** · 08-20-2008, 05:03 PM

It's hopefully a way of stopping people from downloading my swf, decompiling it, and submitting false values to the database.

I'm hoping that being logged in to the PHPBB forum, and having a genuine login SID --- passing that to flash, then getting flash to pass it back to the page, will insure that the variables it passess are genuine.

edit

I've asked a similar question before, and YOU showed me a site that recomplies the swf each time to stop decompiling. thanks for that link

But this time - i really dont mind if the person can see what is being sent back to the server, i just dont want them to be able to send false values.

**Musicman** · 08-24-2008, 03:53 AM

Hi,

well - seeing the data that is sent, plus (eventually) decompiling the movie to find out how data is transformed before sending, should be good steps to send false data.
I am sure you - or a dedicated hacker - could watch your own submission with wireshark or possibly the tools in firefox

Musicman

Thread: [F8] Secure sendAndLoad???

Thread Tools

Display

[F8] Secure sendAndLoad???

Posting Permissions