> Thanks Dave, this is probably why my head hurts. I guess I'm pretty > interested in > security specific to flash player and how it can be attacked.
Right, but for the most part this doesn't have anything to do with developers. As a developer, I can build applications that use the features of the Flash Player, but presumably they're going to use those features in a responsible way. Most Flash Player-specific security issues are end-user issues: an end-user might run someone else's application which is intentionally designed to do malicious things. The same thing happens with PDFs: as a developer I might build PDF forms, for example, but I'm not going to try to compromise the client that uses them. But end-users may well download PDFs intentionally designed to do just that. So, in summary, as a developer, you need to assume that your client-side code can be completely viewed by an attacker, and you need to secure the server-side calls made by that code just like you would with an HTML interface. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. _______________________________________________ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders