swf file un secure
Results 1 to 7 of 7

Thread: swf file un secure

  1. #1
    Member
    Join Date
    Feb 2003
    Posts
    50

    swf file un secure

    Ok well i need to make a page where you put your username and password in and it gets you to the pay page. So i bought CoffeeCup Password Wizard to make them. And it worked out cool, then i looked at it in notepad just looked like jiberish then i saw my target URL (the url it goes too when you type the right username and pass in) just sitting their then i saw a big chunk with the usernames and password clumped together. So my question is anyone know howto encrypt this, or any better programs that dont have the target sitting right their! any help would be nice. Thanks!
    Hacker dan

  2. #2
    I do not know if this was written using actionscript, or if the actionscript called any server side scripting language. What do you mean by "big chunk?" Where is it? In a file? A URL?

    Thanks for the reiteration.

  3. #3
    Member
    Join Date
    Feb 2003
    Posts
    50
    like when i look at it in notepad say the username is Cool and the password is Dumb it is just sitting their like this: CoolDumb Thanks for the help!
    Hacker dan

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    What kind of server are you working with? Do you have access to PHP and MySQL? I'd suggest storing the usernames and passwords in a password protected dB that is accessed using php. It'll definately make it more difficult to attept to obtain + the php source won't be displayed so the url would be hidden. Just have a login form and post it to a php file that opens a dB, finds the username then compares the passwords. Then a simple if statement, if they are correct load the correct url, else load an error page.

  5. #5
    Member
    Join Date
    Feb 2003
    Posts
    50
    actually cant do any of that im using geocities stupid free hosting (i know i know im geting good pay hosting once my income kicks in) so i guess i gota work with flash or java (coffee cup does both) unless i can find a more securer program then coffee cup
    Hacker dan

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Bear in mind that flash movies (swf) can be decompiled fairly easily.

    The only way to have even moderate security using client-side scripting is to obfuscate the target URL and use that to encode the password.

    (Javascript / Java / SWF / Something else client side) -> Encodes the password, and submits it as a URL
    Correct password -> Correctly obfuscated URL
    Incorrect password -> Incorrect URL. Web server gives "Not found" message (Except geocities probably spams you with 1,000,000 popups and ads)

    Unfortunately it makes changing the password difficult, typically you have to rename the directory where your protected pages are.

    Also, anyone can post the obfuscated URL and the security it broken. It also gets sent to other web servers in the referrer, and is stored in browser history, caches etc. So not really very secure.

  7. #7
    Member
    Join Date
    Feb 2003
    Posts
    50
    ok i get the idea now what should i switch to but you gota remember im limiting and what i can do because of geocities but im willing to learn a language to make a secure client or something. Thanks
    Hacker dan

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •