Hi,

Flash security issues differ depending on scenario. Adobe documentation for allowDomain is based mostly on couples (two interconnected swfs). I am thinking of using three separate files; two of them stored at myDomain.net and one external at some EXTERNAL.net.
I would like to know your opinion on how secure it could be to use allowDomain with a wildcard * in a loaded swf file, which allows loading potentially any movie/swf from any external domains. The intention is to create a proxy swf file that implements a set of methods (a simple interface) that allows movies from external domains to get pieces of information from the MAIN movie but does not allow accessing MAIN objects/methods/properties directly. All of this is kept in Flash, with no external scripting and cross-domain policy files.

The situation looks like the following:

                    myDomain.net                      |   EXTERNAL.net
    --------------------------------------------------|-----------------
                                                      |
    A                        B                        |   C
    MAIN.swf   loads ->      PROXY.swf   loads ->     |   Some.swf
               into M1                   into M2      |

    A:                       B:
    has object O1            uses allowDomain(*)
    O1.name="Smith"          has mc M2
    has mc M1                M2 is container
    M1 is container          for C (Some.swf)
    for B (PROXY.swf)        has method FUN1
                             FUN1 returns O1.name
                             has method FUN2
                             FUN2 returns O2.name
                             has object O2
                             O2.name="Moore"

    /There is no cross-domain.xml/

I have tested that:

* From movie C, there is accessible only the method FUN1 (from B - our proxy), which returns a string "Smith", FUN2 (returning "Moore") and the object O2.
* Movie C cannot access A (MAIN.swf) objects and methods, like O1 or M1, despite the allowDomain(*) in movie B.
* I tried using array notation in the external C, like _root["O1"]. This returns undefined.
* I tried a for..in loop on _root props from C - no results.
* If a method, e.g. FUN3 in B, would try to return an object from the main A, e.g. O1, then the result of calling such a method from C would be undefined.
* If C tries to create a movieclip in A (_root.createEmpty..., _level0.createEmpty...), no such movie is created.
* If C tries to create a movieclip in B, then it is possible, but objects and methods from A are still not accessible from the scope of the created movieclip.
* C cannot load any documents from myDomain, because there is no cross-domain policy file.
It seems that despite the wildcard allowDomain(*) in B, the external file C (Some.swf) has completely no access to A objects. At the same time, C can access methods implemented in B that return basic types: string, number, boolean derived from A objects' getters/public props/returned values; this way, we can allow external movies C1, C2 ... Cn to get any information (at least in a serialized fashion) about the status of the base movie (MAIN.swf) objects but in a controlled way, depending on the API implemented in B (our proxy).

Finally, the question is... is this method secure? Are there still ways to break from C (Some.swf) into our base movie A (Main.swf)? It seems that there are not, but I am no expert in Flash security and this method can have holes. What is your opinion?

Thanks,
Greg

_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
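
The three-movie layout described in the post, written out as ActionScript 2 timeline code for the three files. This is an added example, not code from the original post: the file URLs, the depth numbers and the toPrimitive helper are assumptions, while O1, O2, M1, M2, FUN1, FUN2 and FUN3 follow the post's diagram and tests.

```actionscript
// ---- MAIN.swf (A), frame 1, served from myDomain.net ----
var O1:Object = {name: "Smith"};          // object the proxy reads from
this.createEmptyMovieClip("M1", 1);       // container for B (depth 1 is an assumption)
M1.loadMovie("PROXY.swf");                // assumed relative URL on myDomain.net

// ---- PROXY.swf (B), frame 1, served from myDomain.net ----
// Loaded into M1, so this timeline's _parent is A's main timeline.
System.security.allowDomain("*");         // any domain may script B, as in the post
var O2:Object = {name: "Moore"};

// Hypothetical helper: hand out only string, number or boolean values, so the
// API never depends on the player refusing an object reference on its behalf.
function toPrimitive(value) {
    var t:String = typeof(value);
    if (t == "string" || t == "number" || t == "boolean") {
        return value;
    }
    return undefined;
}

function FUN1() { return toPrimitive(_parent.O1.name); }   // data from A
function FUN2() { return toPrimitive(O2.name); }           // data from B
function FUN3() { return toPrimitive(_parent.O1); }        // an object: rejected by toPrimitive

this.createEmptyMovieClip("M2", 1);              // container for C
M2.loadMovie("http://EXTERNAL.net/Some.swf");    // placeholder host from the post

// ---- Some.swf (C), frame 1, served from EXTERNAL.net ----
// Loaded into M2, so _parent is B's timeline, which allowDomain("*") opens to C.
trace(_parent.FUN1());    // value read from A through the proxy
trace(_parent.FUN2());    // value read from B
trace(_parent.FUN3());    // stopped inside B before any reference to O1 is returned
```

Because allowDomain("*") opens B's whole timeline to C (the post's own test reaches O2 directly), only values meant to be public should be stored in B.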