I’m thinking about using flash for a login script (and hardcode the user/pass in the A/S). The number of users will be limited and administration minimal.
I have some questions though (surprise surprise ):
Is it possible to dissassemble a swf-file? So “evildoers” can read the user/pass directly from the actionscript?
Is it impossible to download a flashmovie from a website? I know there are dl-utilities that trawls through a site and give you the option to dl all of it, will this include the flashmovies too? (Very “niche”-question, I know, but highly relevant)
Because, in that case, I guess it would be possible to make a script that finds the user/pass through trial and failure…
This could be avoided though if I implement a “wait for XX seconds if 10 inlogging attempts failes”-thing…if you manage to fail 10 times you don’t deserve to get in ( ) and if you use a script to crack the pass/user you would need ages…
What do you think? Is using flash for login a good/bad idea?
The point isn’t to make a “Fort Knox”-script but to apply a moderate security.
there are actionscript viewers that allow people to view the actionscript (hence the name) of your SWFs. So there really is no such thing as a secure flash site…
That’s not true Jubba. It is only true that you cannot do it easily, and not with JUST Flash.
Buy a book called Server-Side Flash ISBN 0-7645-3598-6
I could not possibly hope to explain all of the safty issues involved in creating a secure site, but you certainly can get a flash site as secure as any other site out there. The idea is that you would need to have your Flash communicate with a server side script. PHP seems to work the best that I’ve found so far. This in turn, communicates with pages which are not accessable to your viewer and gets it’s passwords and names and such from there, or a third source database. This is the same sort of thing that any other site does to preserve integrity of passwords and or credit card numbers.
The book above will not explain it all to you, you’ll still need to learn some amount of PHP or ASP in order to work your site, but it will explain fully the linkage between flash and these other types of pages.
What do you currently know about communicating with your server? I know that we have a couple here including myself who are coming along nicely. Kirupa knows ASP, I believe since most of his site is ASP driven, Dan know PHP, I’m learning both now.
Not only can we come up with some sort of explination, we SHOULD, just for the sake of doing it. We’re all going to need the scripts at one point or another. I know I’m interested in this sort of thing. I’ll try to direct their attention over to this thread and maybe we can get a discussion going.
In the mean while, you will need to aquire some information in order to help us out. You have to find out from your provider, what type of server it is, most likely it’s Unix running Apache. Are you using FTP to upload your page to the server, have they provided an FTP that you are required to use?
If you’re paying for the server space you can usualy call them to find this information out.
If you’re on a free site you might have to email them and wait for a reply.
I’ve talked to my employer and the security/login stuff is out of my hands. We have a “guru” here that will do it. I don’t mind really, I must confess I didn’t know 100% of what was ahead of me when I started this project and you guys have helped me alot, but there is a limit to how much time I can invest on this. I’m doing this between semesters, I’m normally an astrophysics student and when the semester starts in 2 weeks I won’t have that much time because that is really timeconsuming
I wish though that I could spend more time on this and work with you to find a solution, to learn more about flash and programming. If my studies go down the drain, maybe I will
Computers is my second big passion in life. If it wasn’t for that danged thing called space I would sit here flashin/programming 24/7/365!!
So, I’m afraid I can’t help you on this matter, but you have my utmost respect for helping me and others so much!!
Back to work. See you in the forums, me asking questions, you’all helping me out
Well, you’re in a great possition actually. You’ve got someone who is going to do it there. If I were you, I’d simply ask him a few questions about how he’s going to accomplish the task. He probebly already has a pretty good idea about what he’s going to try.
):
) and if you use a script to crack the pass/user you would need ages…