Hello reader, I have a question about security.
Friends are making a new webdev community and we would like to have Flash avatars/sigs.
Of course these avatars are built by the members themselves, so we have to be careful about the security… We don't want a redirect to their site, we don't want them to use sound, we don't want them to try to do some cross-site scripting, etc.
I ask myself, if I make an empty mc that loads the sig/avatar and we put that online with the use of SWFObject and NEVER allow scriptaccess… how much damage could it do?
I think that the security sandbox will prevent loading external php/asp/txt etc. (when the swf is hosted online), but I'm not sure though, so if I'm wrong, correct me pls.
But I also have some questions about the getURL and/or loadSound stuff etc…
How can I prevent/detect through this empty mc if the loaded movie calls a sound file or another swf (maybe from a second account with “part 2” of his evil swf)?
My English is rubbish, so in short… I would like a loader clip that DOESN'T ALLOW ANYTHING to call external files; if it does try to do loadvars/send/sendOrLoad/load/loadVariablesNum etc., the loader must connect to our unlink.php and remove this loaded swf.
I hope you guys understand my question, sorry about the bad English.
(pls don't say “don't use swf as sigs/avatars”)