Hello all.
I’m working on a project (a game) that will run inside a container which is a separate swf. The purpose of this container is to be a sort of landing/end page for future games that’s standardized.
For example:
-container.swf is embedded directly in the HTML page, and is given a flash var with the location of the game (game.swf).
-container.swf loads in game.swf as a child MovieClip
-At the end of gameplay, game.swf dispatched an Event containing the score and other pertinent game information
-container.swf has eventListeners that activate when game.swf dispatches those events, and stores the score given from the game.swf onto separate servers (in a db of some sort)
Now, we have a security option set up to keep the data from being tampered with as it travels from container.swf over to the database (as it is travelling over HTTP, which is easily intercepted, so a hash is included to verify the delivered contents)
My partner also believes that a similar hash-verification systems needs to be in place for the communications between game.swf and container.swf. However, I was under the impression that, since those communications don’t travel over HTTP (and rather travel through the Flash player virtual machine type thing), adding such security is unnecessary (and retrofitting container.swf would be a non-trivial task).
So, which of us is correct? Is inter-swf communication (via eventListeners) inherently secure (since that would require lightning fast hacking in order to intercept the data…nanoseconds at best)? Or is adding another layer of security actually useful?
Thanks in advance!
