I wanted to extend the functionality of my website by allowing people to upload and view .SWF files.

Before I do that, what type of security measures should I take?

The obvious one I found was setting “allowScriptAccess” and “allowNetworking” to "Never" when embedding them.

Then, I read a post over at stackoverflow.com saying that I should "mask" any unknown/user created swf file first before doing anything else? Is masking the same as creating a loader?

Is that all I have to do? I think there might be more to it than that. Any feedback, tips is appreciated.