-
[F8] Secure sendAndLoad???
Hi guys,
I'm just needing to check what is the best way to make sendAndLoad secure.
I am making a flash app that integrates with PHPBB forum -- so I could pass the flash app the "SID" which is unique to the person logged in.
I also know if the person is logged in or not -- otherwise the page redirects also using the PHPBB methods.
If I give the flash app _root.SID = SID (from the page it's on, using AC_FL_RunContent)
Could I then post this SID to the PHP to compare it with the current logged-in user's SID?
I know how to do all the above -- but is it a good way to ensure the flash is being run on my site?
If this looks like total bs - can someone please explain the best way to send scoreboard info without it being hackable.
Many thanks!
Cheers.
-
Senior Member
Move to scripting and backend where I think you'll get better responses from someone who has experience in security issues and sending data.
-
Cheers whispers!
Hopefully someone will know what I'm trying to do!
Thanks again.
-
Hi,
is your goal to prevent wrong people from submitting information, or is it rather to prevent the right people (logged-in players) from submitting false information?
Musicman
-
It's hopefully a way of stopping people from downloading my swf, decompiling it, and submitting false values to the database.
I'm hoping that being logged in to the PHPBB forum, and having a genuine login SID --- passing that to flash, then getting flash to pass it back to the page, will ensure that the variables it passes are genuine.
edit
I've asked a similar question before, and YOU showed me a site that recompiles the swf each time to stop decompiling. Thanks for that link.
But this time - I really don't mind if the person can see what is being sent back to the server, I just don't want them to be able to send false values.
Last edited by itsallgood; 08-20-2008 at 05:10 PM.
-
Hi,
well - seeing the data that is sent, plus (eventually) decompiling the movie to find out how data is transformed before sending, should be good steps to send false data.
I am sure you - or a dedicated hacker - could watch your own submission with Wireshark or possibly the tools in Firefox
Musicman
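Added example, not code from any poster in this thread and not phpBB's own code: a PHP sketch of the server-side SID comparison asked about above, showing the distinction Musicman draws between identifying the sender and trusting the submitted value. The function name, the field names `sid` and `score`, and the sample SID are hypothetical and constructed for illustration.

```php
<?php
/**
 * Decide what a posted SID proves about a score submission.
 *
 * $serverSid: the SID the server itself holds for the logged-in session
 *             (null when nobody is logged in). Assumption: the caller gets
 *             this from the forum's session handling, never from the request.
 * $post:      the fields the Flash movie posted with sendAndLoad.
 */
function check_submission(?string $serverSid, array $post): array
{
    if ($serverSid === null) {
        return ['ok' => false, 'reason' => 'not logged in'];
    }

    $postedSid = $post['sid'] ?? '';
    // Constant-time comparison of the posted SID with the server's own copy.
    if (!is_string($postedSid) || !hash_equals($serverSid, $postedSid)) {
        return ['ok' => false, 'reason' => 'SID mismatch'];
    }

    $score = $post['score'] ?? null;
    if (!is_string($score) || !preg_match('/^\d{1,9}$/', $score)) {
        return ['ok' => false, 'reason' => 'score is not a non-negative integer'];
    }

    // Reaching this point proves WHO sent the request (a logged-in user),
    // not that the score was actually earned in the game.
    return [
        'ok'     => true,
        'reason' => 'sender identified; score value is unverified',
        'score'  => (int) $score,
    ];
}

// Constructed sample requests (the SID value is made up).
$sid = 'a3f1c0ffee5e55104a3f1c0ffee5e551';
$cases = [
    'no forum session'         => [null, ['sid' => $sid, 'score' => '120']],
    'wrong SID posted'         => [$sid, ['sid' => 'deadbeef', 'score' => '120']],
    'malformed score'          => [$sid, ['sid' => $sid, 'score' => '12x']],
    'logged-in user, any score' => [$sid, ['sid' => $sid, 'score' => '999999999']],
];

foreach ($cases as $label => [$serverSid, $post]) {
    $r = check_submission($serverSid, $post);
    printf("%-26s ok=%-3s %s\n", $label, $r['ok'] ? 'yes' : 'no', $r['reason']);
}
```

The last case passes the SID check even though the score is arbitrary, which is the second half of Musicman's question: the SID keeps out senders who are not logged in, but it says nothing about whether a logged-in player's value is true.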