Professional Web Applications Themes

Flash shows the way to hack - PHP Development

Hey all, i'm new to this forum, joined today ;) I usually works with php and flash together, in most cases using flash to make beautiful forms that send their data to php scripts. Anyway, using this method for hi-frequented sites soon reveal its weakness. Too many users get the swf, decompile it, and then see what the swf points to and it's hacked... You surely can understand how frustrating it is, to write scripts that can be accessed by whoever. I was wondering if there is a way to hide the script details from undesired swf decompilers, or even ...

  1. #1

    Default Flash shows the way to hack

    Hey all, i'm new to this forum, joined today ;)

    I usually works with php and flash together, in most cases using flash
    to make beautiful forms that send their data to php scripts. Anyway,
    using this method for hi-frequented sites soon reveal its weakness.
    Too many users get the swf, decompile it, and then see what the swf
    points to and it's hacked...
    You surely can understand how frustrating it is, to write scripts that
    can be accessed by whoever.

    I was wondering if there is a way to hide the script details from
    undesired swf decompilers, or even better, if there is a way to
    secure the process.
    I hope i have been clear and not confusing :)

    Thanks in advance,
    darkHwoarang



    ----------------------------------------
    The post originated from PHP Freaks:
    ----------------------------------------
    [url]http://www.phpfreaks.com[/url]
    [url]http://www.phpfreaks.com/forums[/url]


    darkHwoarang Guest

  2. #2

    Default Re: Flash shows the way to hack

    I'm fairly new to this so may be wrong but why not send a password
    from Flash as a form variable to the PHP page to authenticate it? It
    doesn't matter that people can access the password by decompiling
    the .swf or accessing the variable on it's way to the PHP page
    since you can use the crypt() function in PHP to one-way encrypt it
    before authentication takes place. The crypt() function encrypts the
    password based on a salt so when you authenticate the page you
    authenticate yse the password based on it's encrypted form
    and not it's original form.

    Can a more accomplished PHP developer comfirm this is a suitable
    solution?

    [url]http://uk2.php.net/crypt[/url]



    ----------------------------------------
    The post originated from PHP Freaks:
    ----------------------------------------
    [url]http://www.phpfreaks.com[/url]
    [url]http://www.phpfreaks.com/forums[/url]


    DrQuincy Guest

  3. #3

    Default Re: Flash shows the way to hack

    mmm nobody answers <_<
    can't be shareable this lil knowledge? :rolleyes:



    ----------------------------------------
    The post originated from PHP Freaks:
    ----------------------------------------
    [url]http://www.phpfreaks.com[/url]
    [url]http://www.phpfreaks.com/forums[/url]


    darkHwoarang Guest

  4. #4

    Default Re: Flash shows the way to hack

    On Wed, 18 Aug 2004 12:20:47 -0500,
    [email]tim.bennettcodeinthewhole-dot-com.no-spam.inva[/email]lid (DrQuincy) wrote:
    >I'm fairly new to this so may be wrong but why not send a password
    >from Flash as a form variable to the PHP page to authenticate it? It
    >doesn't matter that people can access the password by decompiling
    >the .swf or accessing the variable on it's way to the PHP page
    >since you can use the crypt() function in PHP to one-way encrypt it
    >before authentication takes place. The crypt() function encrypts the
    >password based on a salt so when you authenticate the page you
    >authenticate yse the password based on it's encrypted form
    >and not it's original form.
    >
    >Can a more accomplished PHP developer comfirm this is a suitable
    >solution?
    >
    >[url]http://uk2.php.net/crypt[/url]
    >
    >
    >
    >----------------------------------------
    >The post originated from PHP Freaks:
    >----------------------------------------
    >[url]http://www.phpfreaks.com[/url]
    >[url]http://www.phpfreaks.com/forums[/url]
    >
    Actually, I don't think thats a good solution to the problem. A person
    can see this encryption being performed in the swf after its
    decompiled so they have access to the key.

    nospam4me@test123212.com Guest

  5. #5

    Default Re: Flash shows the way to hack


    I'm not sure what you mean by 'hacked.'

    It doesn't matter what front end you use on the client (browser) side,
    a form page on the server can always be sent undesirable information.

    If you don't want that to happen the correct answer lies in using
    logins, passwords and session handling, not some kind of client side
    magic. Each user should login. That way, at least you would know who
    the data in the form comes from.

    And also, even when they login, you still are going to have to check the
    data on the server side to see if it's valid.

    -d


    darkHwoarang wrote:
    > Hey all, i'm new to this forum, joined today ;)
    >
    > I usually works with php and flash together, in most cases using flash
    > to make beautiful forms that send their data to php scripts. Anyway,
    > using this method for hi-frequented sites soon reveal its weakness.
    > Too many users get the swf, decompile it, and then see what the swf
    > points to and it's hacked...
    > You surely can understand how frustrating it is, to write scripts that
    > can be accessed by whoever.
    >
    > I was wondering if there is a way to hide the script details from
    > undesired swf decompilers, or even better, if there is a way to
    > secure the process.
    > I hope i have been clear and not confusing :)
    >
    > Thanks in advance,
    > darkHwoarang
    >
    >
    >
    > ----------------------------------------
    > The post originated from PHP Freaks:
    > ----------------------------------------
    > [url]http://www.phpfreaks.com[/url]
    > [url]http://www.phpfreaks.com/forums[/url]
    >
    >
    Doug Guest

  6. #6

    Default Re: Flash shows the way to hack

    U can use whats called a code obfuscator this will prevent swf decompilers from working correctly
    Unregistered Guest

Similar Threads

  1. Flash Shows Up As Blank In Internet Explorer
    By brandtzipp in forum Macromedia Flash Player
    Replies: 1
    Last Post: March 20th, 04:47 PM
  2. Nikon D70 hack for ACR
    By yourname@your.com in forum Adobe Photoshop Mac CS, CS2 & CS3
    Replies: 1
    Last Post: April 4th, 02:35 PM
  3. flash content shows up as thumbnail on mac but normail on pcs
    By tanze26 webforumsuser@macromedia.com in forum Macromedia Flash Sitedesign
    Replies: 5
    Last Post: January 9th, 02:21 AM
  4. How to Hack Hotmail
    By donjones@optonline.net in forum ASP Database
    Replies: 3
    Last Post: September 2nd, 08:59 PM
  5. Need to hack my own system...
    By mtfester@netscape.net in forum Linux / Unix Administration
    Replies: 18
    Last Post: August 19th, 01:21 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139