7 Replies Latest reply on Jun 18, 2010 7:10 AM by JeffryHouser

    save development investment


      Hi all,

      Flex is a great sdk.

      I would like to use it for big solution in future.


      I think that Business Logic is safe on WebServer, but all the client features and logic can be decompiled.


      Wich is the Adobe solution or best pratices to save development investment?


      thank you



        • 1. Re: save development investment
          David_F57 Level 5



          Being able to decompile a swf to see how something is done is is more complex than clicking on source view to see how something is done compared to html/javascript etc. There are utilities out there to encrypt swf's if you really believe that there is something clever in your swf that half the world doesn't know about or can't find on google(I look at it this way unless you are in the top 1-2% flash/flex developers in the world anything you do has either already been done or can be found within a few minutes of web surfing for the solution).


          Quality developers can recreate something just by looking at it, if anyone needs the code to your swf to try and copy something you have done means they are far from any form of a threat, who would hire a developer with zero capacity to do it themselves.


          The code is not that important data on the other hand is and thats where you as the developer is responsible for insuring that within your swf there is no  code that could potential give free access to your data (i.e. embedding string based passwords in the swf).



          • 2. Re: save development investment
            max.soft Level 1

            Hi David,

            thank you for your reply.

            The problem is about client business logic.

            I dont speak about listtle game or special effect,

            I mean large ERP solution o particolar solution for big company department.


            In this way, have the client code, is a considerable advantage to understood business logic and all solution's features.


            HTML/Javascript is in clear mode, but, Ajax injects code to the browser client. In this scenario, intercepts and understand all Ajax injections is more difficult than decompile and see all UIControl, UIEvents.





            thank you



            • 3. Re: save development investment
              David_F57 Level 5



              I understood your question, but you have to consider if the business logic you are using is extremely proprietary no one is going to be that interested in it, if its standard business logic everyone already knows about it.  for instance I do rather complex calculators for the insurance industry but in each instance the logic is so different between company A and company B neither company would put any effort into discovering the others logic. If there was such concern from a client they wouldn't be on the net they would be running through vpn's.


              Also wouldn't your logic require login before the core application is launched ?. If your server isn't secure then client end security is irrelevant.



              • 4. Re: save development investment
                Gregor.Kiddie Level 2

                Seconding David's comments (better than a +1 I guess!)


                I've seen more than a few business types obsessed with protecting their swfs, but I'm yet to come across a scenario where its actually happened and been a problem for a company.


                It makes sense if you are Jeff Houser's market of selling components, you don't want someone to just pick up your hard work if you are selling it, but trying to protect business logic from competitors smacks of false security.


                If something is so important that no-one is allowed to see it, why is it part of a publically available resource?

                • 5. Re: save development investment
                  max.soft Level 1


                  thank you for you reply.


                  The solution is used by 3.000 users, is not public, but is shared enought to be copied by competitors.


                  Thank you.





                  • 6. Re: save development investment
                    David_F57 Level 5



                    I hate to give you the bad news but what ever corporation it is has obviously zero sense of internal security or have watched to many Tom Cruise movies, safety of swf content is so not an issue here.




                    the image - Tom Cruise hanging on a precariously thin line over a computer terminal trying to balance an i-pad correctly orientated with one hand whilst talking to Katie on his iphone with the other hand as all the worlds secrets are sucked into the ipad through the $5 app he got on iStore  that absorbs information from the em field of any secure computer.

                    • 7. Re: save development investment
                      JeffryHouser Level 4

                      Obligatory link to Flextras components: www.flextras.com


                      I actually do very little to protect our components, sample projects, and other assetts from decompilation or "unauthorized use".


                      Instead I focus on trying to adding value above and beyond for those that do become customers.