0 Replies Latest reply on Jan 4, 2010 1:42 PM by vertex_shader

    hacking flash


      In a Facebook flash app, you're not suppose to hardcode the secret app key (given to you by Facebook) because the app can be decompiled.

      Everyone suggests passing it in to the SWF via flash vars, for example:


      // Get FlashVars
      flashVarsParams = loaderInfo.parameters; // grab the secret key, session key, user id, friendsList...etc.

      However, as this video illustrates:



      A user could find the memory location of loaderInfo.parameters and find the secret key value. Correct?