> > I'm not familiar with the phrase "lambda user", so I can only presume it > means a non-technical user.
Yes indeed > But are those the people who you're concerned about? > I think it's worthwhile to mention that you might have different > goals and expectations with regard to obfuscation than others might. My > point was simply that you can't guarantee that your Flash code can't be > reverse-engineered. I don't think I said something different with "you will never obtain 100% code protection" Here for example a goal you can not reach with obfuscation: - you have an online game in flash Goal: you want to avoid to have your SWF copied all around on different site Here the obfuscation will be not really usefull > If you're willing to accept that limitation, you might > want to implement all the things you mentioned. > But that's still a very big limitation. > There are certain things that, for security reasons, you > simply wouldn't want to do within your Flash code for this reason - > shopping cart engine functionality comes to mind. > You wouldn't want your server-side application to blindly accept > inputs from Flash for obvious reasons. > Humm but this is a different thing You got the "security" of the source code, the SWF, etc... And You got the security of your application And this, the SWF being accessible or not, Being decompiled or not You can secure it using data encryption Dumb exemple: User login on his shopping cart The flash can have a MD5 Function to hash its password before sending it to the server etc. an external "attacker" can access as much as he want the MD5 hash function code, this will not break the security of the hash. The weakness in a hash function is the hash function algorithm itself, Not the fact that you can access its implementation in code. ( and yes I know MD5 is broken, and few others too, cf http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html ) zwetan _______________________________________________ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders