Reputation: 2606
Is a SWF whose src uses HTTPS secure?
Here is a scenario:
I am embedding form.swf in http://somesite.com/page.html. The SWF is loaded from https://example.com/form.swf and submits to https://example.com/secureform.php.
So, is the transmission to the server secure?
Upvotes: 1
Views: 472
Answers (2)
Reputation: 1152
Yeah, you are going to have to elaborate on what you mean by 'secure'. HTTPS just provides transport security (in most cases). It doesn't provide end-point security. That is to say, there is no way to guarantee that either end of the connection is secure, just that the transport is (mostly) secure. If either end point has been hacked many kinds of attacks can occur through altered SSL certificates. So you can't trust the client data. I will assume for now you can trust the server data (or you are in real trouble :-)).
Upvotes: 1
Reputation: 7924
It depends what you mean by secure. I think you are asking whether the submitted data is secure, and the answer is that if you are using HTTPS, it is.
HTTPS on the SWF ensures just that the Flash object cannot be maliciously modified between the server and the client.
Upvotes: 2
Related Questions
- Is it possible to secure swf files?
- swf not working in IE when using https
- Is video displayed over https?
- SWF not playing in IE over https?
- Can an HTTPS served SWF file request non-secure HTTP content?
- Security issue in regard to flash .swf files
- Flash + Javascript + HTTPS (SSL)
- how to make secure SWFs?
- Embedding insecure flash objects on a secure page
- Why an embeded swf won't play on a page under https?