How to prevent my application from decompilation

Question

If I have my application attached on my web page as swf, anyone can get the url of the swf and download it - decompile it...what can I do to prevent that, or make my application more safe if there are sensive data?

Answer 1

Use obfuscators, for one thing. I haven't tried any personally, but from doing some research on the web, SecureSWF and especially irrFuscator are probably going to be your best bets. And as some people have already noted, keep sensitive stuff on the server and out of the swf, because you're not going to block people completely from reverse-engineering this stuff.

Answer 2

You shouldn't put sensitive data in the client. Keep the sensitive data server side, and let the server do any comparisons to it, returning just a true/false to the client. I don't think there is a safe/secure way for storing and accessing it client side. As when accessing, that moment can be detected and read out.

edit: About your source code, a good enough compiler will make the code pretty hard to read after decompiling. But you can't go much further from there, I think.

Answer 3

The short answer is that you can't. Anything that the user sees is already in their machine. You can't keep them from decompiling your application, much in the same way that you can't keep someone from decompiling a DLL in a windows application.

If you wish to keep sensitive data away from the client, you could have a client-server architecture. Serve only what you don't mind being reverse engineered.