December 26th, 2011, 09:11 PM
Avoiding Potential Hazards When User Uploads SWF Files
I wanted to extend the functionality of my website by allowing people to upload and view .SWF files.
Before I do that, what type of security measures should I take?
The obvious one I found was setting “allowScriptAccess” and “allowNetworking” to "Never" when embedding them.
Then, I read a post over at stackoverflow.com saying that I should "mask" any unknown/user created swf file first before doing anything else? Is masking the same as creating a loader?
Is that all I have to do? I think there might be more to it than that. Any feedback, tips is appreciated.