A Flash Developer Resource Site

Results 1 to 4 of 4

Thread: Writing a Forum in Flash

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    1

    Question Writing a Forum in Flash

    Forgive me for posting this same topic in several categories, but I am not quite sure where it will get the most attention.

    I am in the process of writing a forum (or at least a forum client) in Flash.

    However, many things concern me.

    Security
    Since there are several SWF decompilers out there, I am worried about hackers. By decompiling the client, would they be able to make modifications to the database, spam, or hack accounts?
    What would be some good ways to stop malicious individuals, or at least prevent them from doing any major damage or getting their hands on private information?

    I could easily enhance my knowledge in Java, PHP, or ASP.net in case it would help.

    Hosting
    Most likely, the database will be MySQL or MS SQL. Also, the hosting would need to be able to handle hundreds of hits per day. Also, if any other programming languages are used for the server, they would need to be supported too.

    On top of all of this, I have a limited income, which could be solved by advertising or sponsorships.

    I would definitely be able to set up my own server, however, I don't know how much my DSL connection can handle in case the traffic gets to be too much.


    Advertising/Sponsorships
    Since forums often get at least hundreds of views per day, that would be an ideal market for advertising. Sadly, MochiAds only puts advertisements in games.

    Are there any advertisers out there that would be willing to place advertisements in the Flash forum?
    Or perhaps someone would be willing to sponsor the whole arrangement?
    Where would I be able to get into contact with potential advertisers or sponsors?


    I do not need any help as of now for programming in ActionScript, however, if anyone can help me on these topics ASAP.


    Andreas

  2. #2
    Registered User
    Join Date
    Feb 2001
    Posts
    13,044
    Hi,

    just wanted to answer the security bit: a flash forum, as well as a html based one, has all the intelligence on the server side (or should have), so decompiling the swf should not give more insight than reading source of html forum pages. To put it the other way round, it would be a gross error to put the database password into the movie and send complete sql queries to the server
    One thing that might need attention: make sure that no user-supplied html ever gets into the database and back to other viewers.
    As for spamming: you would do the same precautions as for a html forum: either require members to sign up with an email check, and login for posting, or use a captcha

    Musicman
    Last edited by Musicman; 12-31-2008 at 06:12 PM.

  3. #3
    Programmer
    Join Date
    Aug 2007
    Posts
    173
    im going to do sortof the same thing...not the size of a forum..well maybe ...using Flash, php and MySQL....

    the Security for users should be fine ( obv put a hash on passwords..i use sha1)
    and im going have a row for IPs on posts , so if a hacker does manage to make a Spam bot...you can delete all posts made by that IP and block him from making a new user.

    im guessing you know how do this your self if your planing on building your on forum in flash.

    if you dont just ask ^^
    Freelance: AS2, AS3, PHP, MySQL, JavaScript
    Skype: hunty93

  4. #4
    Registered User
    Join Date
    Feb 2001
    Posts
    13,044
    Hi hunty93,

    hackers are not necessarily doing all the work from their own IP. We observed a "try user/pass" campaign against a webserver that lasted about two months. There was about one request every 3 minutes coming from several hundred different IP addresses over the world. Obviously manual IP based blocking does not help, and any system that triggers on a few requests from the same IP in close succession does not handle that attack either. In fact, I would believe that most server admins would not even notice that thing. I also have seen spam posts to a guestbook organized that way - a simple captcha finally stopped those.
    It seems that renting a botnet of infected machines is cheap these days.

    Musicman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center