如何禁止用户通过AS3 / Flash Loader.load()加载swf文件,而仅允许加载图像?
[英]can I prohibit users from loading swf files by AS3 / Flash Loader.load() and only allow loading images?
问题描述
I want to have an AS3 app load images from url supplied by the user. 
我想让AS3应用程序从用户提供的URL加载图像。 But I don't want a malicious user to be able to load an SWF file in place of the image, such as with an altered extension "maliciousSwf.png". 但是我不希望恶意用户能够加载SWF文件来代替图像,例如,将扩展名更改为“ maliciousSwf.png”。 Well, not sure how big a security threat that is above and beyond the ability of the hacker to decompile swf, but I think that ideally such behavior should not be allowed. 好吧,不知道黑客反编译swf的能力有多大的安全威胁,但是我认为理想上不应允许这种行为。
So, is there any way to prevent this? 那么,有什么办法可以防止这种情况发生? When people allow users to load images in their Flash apps, do they somehow guard against loading of SWF? 当人们允许用户在其Flash应用程序中加载图像时,他们是否以某种方式防止SWF加载? Or is this really absolutely no big deal? 还是这真的没什么大不了的?
1 个解决方案
解决方案1
1 已采纳 2010-04-05 16:06:55
You just need to make sure user loaded files are loaded into a separate security domain as your main application. 您只需要确保将用户加载的文件作为主应用程序加载到单独的安全域中即可。 Then their code will not be able to override any of yours. 这样,他们的代码将无法覆盖您的任何代码。 If you want to be extra safe, also put a content mask on the loading area, so that their content can not extend out of its bounding box. 如果要更加安全,请在加载区域上放置内容遮罩,以使它们的内容不会超出其边界框。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.