0 Replies Latest reply on Oct 29, 2009 3:08 PM by Windhorse Media

    Using Sensitive Data in Flash

    Windhorse Media



      I am working on a Flash project for the web which will be using some sensitive information (for example, username, password). I am concerned about putting that data directly in the Flash file (that is, in the Actionscript used in the Flash file) in case someone decides to try to download and crack the swf. Although I am sure someone else has had to deal with this issue, I cannot seem to find a solution.


      The solution I have attempted to implement is as follows.


      1. Place the sensitive data in an external file (I am using an XML file).
      2. Load the data into the Flash file at runtime.
      3. Secure the data file.


      Step #3 is where I am running into trouble. I have attempted the following methods of securing the data file.


      1) Place the data file in a directory that is not accessible from the web (for example, underneath public_html). This method failed presumably because the web browser needs to access the directory?


      2) Place the data file in a web accessible directory that has been password protected via .htaccess. This method fails because a visitor is prompted to enter a password in order for data to be loaded into the Flash file.


      3) Use .htaccess to only allow access to the data file and/or its directory from the same domain. Once again, this fails presumably the request from the web browser is coming from the visitor's IP?


      Any suggestions?