Is there any difference in security or anything between these two password methods

1: stop();

&nbsp &nbsp &nbsp &nbsp password = pass
&nbsp &nbsp &nbsp &nbsp
&nbsp &nbsp &nbsp &nbsp if (password == “monkey”)

&nbsp &nbsp &nbsp &nbsp gotoAndPlay (“play”);

&nbsp &nbsp &nbsp &nbsp else

&nbsp &nbsp &nbsp &nbsp gotoAndStop (“wrong”);

(that is in the second frame of a movie clip)


2: if (password == “monkey”) {
gotoAndPlay= “play” ;
} else {
gotoAndPlay = “wrong” ;

     (second frame...main timeline.. not in separate movie clip)

any differences that would alter anything
or any reason to do one over the other I would like to know. thanks===monkey

well, i wouldn’t set the password to a variable, because there are programs out there that can sniff those as well as actionscript from an swf. so i would recommend ver 2.

don’t both of those use variables. I think they do. what is another safer way I could make a password or way to keep people out? (in flash)

Actually they aren’t variables…they are static strings of text and even if you made a variable inside of an if() statement, it would only be scoped to itself and not the entire main timeline!

Thoriphes states the easiest and smartest way…and if I was you I wouldn’t ever judge him wrong…and I mean ever because he is the Actionscript Guru!

Also… when thinking about a password set up… I like to have the frame AFTER the password detection, loop back to before the password detection. That way it is not as simple as “right click”. . .“forward”.

both methods are putting the password into the users hands via the swf. if security is really a concern, you need to do the verifying server side, passing the passphrase over a secure channel.

but weigh your costs and benefits here, who are you trying to keep out? and is it going to be worth implementing a system that is truly secure?

both methods are equally insecure, but will keep out people who don’t care. if anyone really wants in, and your verifying passphrases in the swf, they’ll get in.

it may be worth moving the verification server side, even if you don’t open a secure channel first. it would add another layer anyways.