Hi,
Flash security issues differ depending on scenario. Adobe
documentation for allowDomain bases mostly on couples (two
interconnected swfs). I am thinking on using three separated files;
two of them stored at myDomain.net and one external at some
EXTERNAL.net.
I would like to know your opinion on how secure could be using
allowDomain with a wildcard * in a loaded swf file, which allows
loading potentially any movie/swf from any external domains.
The intention is creating a proxy swf file that implements a set of
methods (a simple interface) that allows movies from external domains
getting pieces of information from the MAIN movie but does not allow
accessing MAIN objects/methods/properties directly. All of this kept
in Flash, with no external scripting and cross-domain policy files.
The situation looks like the following:
myDomain.net | EXTERNAL.net
-------------------------------------------- -----------------
|
A B C
MAIN. swf loads -> PROXY .swf loads -> Some.swf
into M1 into M2
A: B:
has object O1 uses allowDomain(*)
O1.name="Smith"
has mc M2
has mc M1 M2 is container
M1 is container for C (Some.swf)
for B (PROXY.swf)
has method FUN1
FUN1 returns O1.name
has method FUN2
FUN2 returns O2.name
has object O2
O2.name="Moore"
/There is no cross-domain.xml/
I have tested that:
* From movie C, there is accessible only the method FUN1 (from B - our
proxy), which returns a string "Smith", FUN2 (returning "Moore") and
the object O2.
* Movie C cannot access A (MAIN.swf) objects and methods, like O1 or
M1 despite of the allowDomain(*) in movie B.
* I tried using array notation in the external C, like _root["O1"].
This returns undefined.
* I tried a for..in loop on _root props from C - no results.
* If a method e.g. FUN3 in B would try to return an object from the
main A, e.g. O1, then the result of calling such method from C would
be undefined.
* If C tries to create a movieclip in A (_root.createEmpty...,
_level0.createEmpty...), no such movie is created.
* Ic C tries to create a movieclip in B, then it is possible, but
objects and methods from A are still not accessible from the scope of
the created movieclip.
* C cannot load any documents from myDomain, bacause there is no
cross-domain policy file.
It seems that despite of the wildcard, allowDomain(*) in B, the
external file C (Some.swf) has completely no access to A objects. At
the same time, C can access methods implemented in B, that return
basic types: string, number, boolean derived from A objects'
getters/public props/returned values; this way, we can allow external
movies C1, C2 ... Cn to get any information (at least in a serialized
fashion) about the status of the base move (MAIN.swf) objects but in a
controlled way, depending on the API implemented in B (our proxy).
Finally, the question is... is this method secure ? Are there still
ways to break from C (Some.swf) into our base movie A (Main.swf) ? It
seems that there are not, but I am no expert in Flash security and
this method can have holes. What is your opinion ?
Thanks,
Greg
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
