Protecting something is all about numbers
a) foobar.swf
no protection, no obfuscation, nothing
accessible in the browser cache
b) how many % of users will just know that they can
decompile the SWF with some tools as ASV or others ?
c) how many % users will want so bad the source code of the SWF to
actually buy the tool to decompile it ?
d) add obfuscation
how many % of users will be motivated and skilled enougth
to reverse the obfuscation ?
e) add SSL + prevent SWF caching
how many % users will be motivated and skilled enougth
to set up and use a proxy and/or a HTTP sniffer ?
Personaly I think that if someone can bypass the obfuscation, (not "jump
tricks" but *real* obfuscation by variable renaming/hashing - see
http://tech.motion-twin.com/obfu ) then there is no need for additional
protections because the user is motivated enough to bypass them as well.
I think that you need to protect from two things :
a) internal attacks, by obfuscating the SWF
b) external attacks, by obfuscating the protocol
This is not *real* security - it should just be called "tricks" to get
rid of people without enough free time or technical background.
Nicolas
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders