I am working on a Flash project for the web which will be using some sensitive information (for example, username, password). I am concerned about putting that data directly in the Flash file (that is, in the Actionscript used in the Flash file) in case someone decides to try to download and crack the swf. Although I am sure someone else has had to deal with this issue, I cannot seem to find a solution.
The solution I have attempted to implement is as follows.
Step #3 is where I am running into trouble. I have attempted the following methods of securing the data file.
1) Place the data file in a directory that is not accessible from the web (for example, underneath public_html). This method failed presumably because the web browser needs to access the directory?
2) Place the data file in a web accessible directory that has been password protected via .htaccess. This method fails because a visitor is prompted to enter a password in order for data to be loaded into the Flash file.
3) Use .htaccess to only allow access to the data file and/or its directory from the same domain. Once again, this fails presumably the request from the web browser is coming from the visitor's IP?