ADOBE FLEX 3
Building and Deploying Adobe Flex 3 Applications
Disabling viewSourceURL
If you enabled the view source feature by setting the value of the viewSourceURL property on the
<mx:Application> tag, you must be sure to remove it before you put your application into production.
This functionality applies only to Flex Builder users.
Remove sensitive information from SWF files
Applications built with Flash share many of the same concerns and issues as web pages when it comes to
protecting the security of data. Because the SWF file format is an open format, you can extract data and algorithms
contained within a SWF file. This is similar to how HTML and JavaScript code can be easily viewed by users.
However, SWF files make viewing the code more difficult. A SWF file is compiled and is not human-readable like
HTML or JavaScript.
But security is not obtained through obscurity. A number of third-party tools can extract data from compiled
SWF files. As a result, do not assume that any data, variables, or ActionScript code compiled into an application
is secure. You can use a number of techniques to secure sensitive information and still make it available for use
in your SWF files.
To help ensure a secure environment, use the following general guidelines:
• Do not include sensitive information, such as user names, passwords, or SQL statements in SWF files.
• Do not use client-side username and password checks for authentication.
• Remove debug code, unused code, and comments from code before compiling to minimize the amount of
information about your application that is available to someone with a decompiler or a debugger version of Flash
Player.
• If your SWF file needs access to sensitive information, load the information into the SWF file from the server
at run time. The data will not be part of the compiled SWF file and thus cannot be extracted by decompiling the
SWF file. Use a secure transfer mechanism, such as SSL, when you load the data.
• Implement sensitive algorithms on the server instead of in ActionScript.
• Use SSL whenever possible.
• Only deploy your web applications from a trusted server. Otherwise, the server-side aspect of your application
could be compromised.
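The guidelines above can be checked before deployment by scanning the built SWF for strings that should not ship. The following Python script is an added example, not part of the Adobe documentation: the pattern list, function names, and sample data are hypothetical, and it assumes string literals appear as plain UTF-8 bytes once the body of a zlib-compressed (CWS) file is inflated.

```python
import re
import struct
import zlib

# Hypothetical patterns for data the guidelines say to keep out of a SWF.
PATTERNS = {
    "sql": re.compile(rb"(?i)\b(select\s[ -~]+?\sfrom|insert\s+into|delete\s+from)\b"),
    "credential": re.compile(rb"(?i)(password|passwd|pwd|secret)\s*[=:]\s*[!-~]+"),
    "plain_http": re.compile(rb"http://[\w.\-/:]+"),
}

def swf_body(data):
    """Return the uncompressed bytes that follow the 8-byte SWF header."""
    if len(data) < 8:
        raise ValueError("too short to be a SWF file")
    sig, declared = data[:3], struct.unpack("<I", data[4:8])[0]
    if sig == b"FWS":            # uncompressed SWF
        body = data[8:]
    elif sig == b"CWS":          # zlib-compressed after the header
        body = zlib.decompress(data[8:])
    else:
        raise ValueError("unsupported signature %r" % sig)
    if len(body) + 8 != declared:  # header stores the uncompressed file length
        raise ValueError("declared length does not match body")
    return body

def audit_swf(data):
    """Return sorted (kind, matched_text) pairs found in the SWF body."""
    body = swf_body(data)
    findings = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(body):
            findings.append((kind, m.group(0).decode("utf-8", "replace")))
    return sorted(findings)

def build_sample(strings, compress=True):
    """Constructed test input: a SWF header plus raw strings, not a playable movie."""
    body = b"\x00".join(s.encode() for s in strings)
    sig = b"CWS" if compress else b"FWS"
    header = sig + bytes([9]) + struct.pack("<I", len(body) + 8)
    return header + (zlib.compress(body) if compress else body)

if __name__ == "__main__":
    sample = build_sample(["var password = hunter2", "SELECT id FROM users",
                           "https://example.com/api"])
    for kind, text in audit_swf(sample):
        print(kind, "->", text)
```

A clean result only means none of these patterns matched; it does not make data compiled into the SWF secure.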