开发者

can I prohibit users from loading swf files by AS3 / Flash Loader.load() and only allow loading images?

I want to have an AS3 app load images from url supplied by the user. But I don't want a malicious user to be able to load an SWF file in place of the image, such as with an altered extension "maliciousSwf.png". Well, not sure how big 开发者_高级运维a security threat that is above and beyond the ability of the hacker to decompile swf, but I think that ideally such behavior should not be allowed.

So, is there any way to prevent this? When people allow users to load images in their Flash apps, do they somehow guard against loading of SWF? Or is this really absolutely no big deal?


You just need to make sure user loaded files are loaded into a separate security domain as your main application. Then their code will not be able to override any of yours. If you want to be extra safe, also put a content mask on the loading area, so that their content can not extend out of its bounding box.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜