I want to write a flash application that uses the facebook javascript api. for the flash application to use it, I'd have to write the secret and api key in the flash application. as far as i know every flash application can be decoded and the api key and secret key can be revealed. is there a way to properly protect those keys?
Asked
Active
Viewed 290 times
2 Answers
0
You can use secureSWF from Kindisoft. It allows you to encrypt the strings in your swf. The strings won't be plain visible to people that de-compile your application.
It's not a fail proof method but it sure helps a lot.
"String Encryption: secureSWF helps you protect your Flash and Flex application from a variety of security threats by providing literal strings encryption."
Oliver
- 487
- 2
- 9
0
I would suggest retrieving it from a secure location on your server. The server should look if the request comes from your domain, and only return the API key if it's the case.
sharvey
- 7,635
- 7
- 48
- 66
-
2in general a user can decompile my flash or sniff my network to see the exact request that is begin sent to the server. open my facebook application on his browser and use firebug to replace my swf file with his swf file that does the same request and displays them on the screen – ufk Aug 03 '10 at 15:52