3 Replies Latest reply on May 8, 2009 2:35 PM by kglad

    get URL + security

    yogi bear Level 1

      I'm a designer so be kind.

       

      I read about security issues in using GetURL. Is this only with javascript? If I use the getURL to open a blank window where all the HTML and swf are on the same server are those pages and swfs safe from injection, etc? I'm working in Flash 8 with AS 2.0.

       

      Thanks,

      Yogi

        • 1. Re: get URL + security
          kglad Adobe Community Professional & MVP

          as safe as any other non-flash linked page opening.

          • 2. Re: get URL + security
            yogi bear Level 1

            A very cryptic answer. Let me put it another way.

             

            1. Is "as safe" safe... or not always safe?

            2. Does one need to take security precautions when using the getURL method?

            3. Can that method be hijacked, injected?

            4. Was the javascript method suseptible to injection?

             

            I ask this not to avoid work but as I am over my head when reading some of the more technical literature on the issue.

             

            Thanks,

            Yogi

            • 3. Re: get URL + security
              kglad Adobe Community Professional & MVP

              1.  i know of no injection attacks that exploit getURL or regular html links.  but i suppose anything is possible.

               

              2.  no

               

              3.  never heard of that.

               

              4.  poor implementations of javascript have long been susceptible to exploitation.  but i don't know what you mean by "the" javascript method.

               

              in summary, there's nothing special that you need to do to secure a swf that uses getURL().  security precautions should be used (in the executable script) when calling executable script outside flash (like in javascript, php, asp etc).

              1 person found this helpful