Reputation: 3641
Protection from SWF Interception and Injection when loading child SWF
So here is the situation, I have a parent SWF that is load multiple child SWFs below it. I want to know if there is any way I can 100% trust that all of these child SWFs are mine.
For instance, when loading child SWF "b.swf" from domain "http://example.com/b.swf" is there anyway I can always guarantee that the SWF passed to me is mine, and not one that has been intercepted and modified with the use of a tool like Fiddler, and then passed to me.
Something like checking its size, hash? I don't know, can any of you offer any help?
Upvotes: 0
Views: 289
Answers (1)
Reputation:
Well, you certainly can create a hash of your SWF that you are going to load. MD5 is a commonly used algorithm to do that. So, if along with the URLs you store MD5 hashes of the SWFs you are loading, it will be very difficult to come up with a fake SWF that generates the same hash. (Very difficult as it will probably take years, if not hundreds of years to make a SWF with the same hash).
This mechanism is often used with other software distributions. Many opensource tools provide md5 hashes with the programs / installers. Maven also uses MD5 hashes to make sure the libraries loaded are genuine. So that sounds like a way to go.
Upvotes: 1
Related Questions
- Is it possible to secure swf files?
- Protect SWF before compiling
- Isolating loaded swfs from using the parent
- Can I block a nested swf to make http calls?
- Flash: can I forbid ExternalInterface access to loaded SWF?
- Block/prevent Loaded SWF from accessing Loader's Stage
- SWF Loader & Flex's SWFLoader: child SWF sandboxing policy
- Restricting SWF file visibility
- Flash/AS3 security - passing movieclip reference to child swf?
- Is there any way to get around a Security Sandbox violation when a swf is loading another swf which loads another swf?