I'm trying to secure SWF files uploaded by users on my website.

According to this Adobe Blog (http://blogs.adobe.com/stateofsecuri...tent_fr_1.html) all I have to do to prevent any malicious activity is to specify values for “allowScriptAccess” and “allowNetworking”.

Someone over at (http://stackoverflow.com/questions/4...flash-file-swf) also said that I should "Mask" the SWF into a loader as well, which I found a good example of it in action here: http://www.flashandmath.com/howtos/externalswf/

What confuses me about masking is: will the user's SWF be restricted when called within the mask.swf/loader.swf alone? Or do I have to set “allowScriptAccess” and “allowNetworking” to the mask.swf/loader.swf file?

Is there any other securing techniques I should know of before allowing the world to upload swf files to my server?