WebApp Sec mailing list archives
RE: Flash sites
From: "Mathew C. Beckman" <Security () mnbn net>
Date: Wed, 3 Sep 2003 15:54:51 -0500
Also remember that just because something is stored in a Flash file doesn't mean it's safe. It is very easy to download and decompile a Flash file to its near-original form. From here, you can view calls it's making, files it loads, and any text stored in it. Take for example a site that has a password to enter, and the site is done in Flash. If that password is stored inside the Flash code, then it is not secure.

Flash itself is interpreted and run from the end user's machine, not on the server. If you want it to be doing any processing, or offer any type of security services, you need to go ahead and have it call up scripts on the server-side.

Flash itself does not open any security holes, nor does it explicitly prevent any. Much of it depends on the type of application you're creating. If you're creating a dynamic, data-driven application, the main point of security you need to look at is where and how the information is getting to the application.

Of course, as Nick said, this is all a moot point if the server it's sitting on is not secure.

- Matthew C. Beckman

-----Original Message-----
From: Nick Duda [mailto:nduda () VistaPrint com]
Sent: Wednesday, September 03, 2003 12:05 PM
To: John Madden; webappsec () securityfocus com
Subject: RE: Flash sites

Depends, if you mean web content itself then it's pretty damn good. However you still have to worry about the webserver it sits on. The webserver itself can be hacked and then those flash files can be deleted, other files uploaded... and so on.

-Nick
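
Added example, not part of the original post: a pre-publish check a site owner could run over their own .swf to see the point made above, that text compiled into the movie is readable by anyone who downloads it. It assumes the standard FWS/CWS header layout (3-byte signature, version byte, 4-byte little-endian length, zlib body for CWS); the keyword list and the sample bytes are constructed for illustration and are not a playable movie.

```python
import re
import struct
import zlib

# Words that suggest a credential was compiled into the movie (assumed list).
SUSPICIOUS = re.compile(rb"pass(word|wd)?|secret|api[_-]?key|token", re.I)
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")  # runs of 6+ printable ASCII bytes


def swf_body(data: bytes) -> bytes:
    """Return the SWF body after the 8-byte header, inflating CWS files."""
    if len(data) < 8:
        raise ValueError("too short to be a SWF file")
    signature, declared_len = data[:3], struct.unpack("<I", data[4:8])[0]
    if signature == b"FWS":          # stored uncompressed
        body = data[8:]
    elif signature == b"CWS":        # zlib-compressed after the header
        body = zlib.decompress(data[8:])
    else:
        raise ValueError("not a FWS/CWS file")
    if declared_len != len(body) + 8:
        raise ValueError("header length does not match body")
    return body


def embedded_secrets(data: bytes) -> list[str]:
    """List printable strings in the movie that look like credentials."""
    hits = []
    for match in PRINTABLE.finditer(swf_body(data)):
        text = match.group()
        if SUSPICIOUS.search(text):
            hits.append(text.decode("ascii"))
    return hits


def make_sample(compressed: bool) -> bytes:
    """Constructed input: a SWF header plus a body holding a hard-coded check."""
    body = (b"\x00\x3f\x03" + b'if (input == "password=hunter2-demo")\x00'
            + b"\x96\x02\x00gotoAndPlay\x00")
    signature = b"CWS" if compressed else b"FWS"
    header = signature + bytes([6]) + struct.pack("<I", len(body) + 8)
    return header + (zlib.compress(body) if compressed else body)


if __name__ == "__main__":
    for compressed in (False, True):
        print(embedded_secrets(make_sample(compressed)))
```

Any hit means the comparison belongs in a server-side script that the movie calls, with only the result returned to the client.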