Decompiling Flash

Every so often I get asked ‘Just how safe is it for me to leave all my code in my flash application?’

I have always found this funny as compiled code can potentially be decompiled. I saw a thread flying arround one of the office mailing lists and decided to share! thanks to Alex for this one.

There are decompilers available for C++, Java and most other programming languages. There are obfuscators available for Flash (and most other programming languages too) that make decompiling more difficult, but this is still not totally safe. I think you are much better off following best practices and not store any sensitive information in your compiled code. Basically, you don’t want to compile any sensitive information into the swf. You want to load it in at runtime over a secure protocol, such as HTTPS.

if you need more than that, check the Flash Security Whitepaper

Advertisements