Quote:
Originally posted by JerryJ
If you don't want to allow any swf interaction with the server, refuse any swf that require txt or other files.
Then, you can have your script place all uploaded swf files into a separate directory, and chmod both that directory and the uploaded swf files in that directory to a level on your server which will prevent malicious use (ask your admin for proper level, varies on some setups). Let the server do most of the work for you.
If you allow any server-swf interation without reviewing the fla or a decompilation first, you have no idea what the author may have hidden, nor what triggering mechanisms may be employed in the submitted swf file. Ex: Someone could submit a seemingly harmless swf file that has malicious code which is only triggered on a certain date by certain keypress combos.
I don't fully understand you (i'm dutch) but i understand that there is no way to do a check of what the .fla (swf) animation does fully... maby i only can grant access for reading that file and not other files :) or something.