DELETED

General impression, suggestions, ideas, etc.
DELETED
Way to go!

Post by DELETED » Mon Feb 16, 2004 12:41 pm

DELETED

DraconPern
Site Admin
Posts:1218
Joined:Thu Oct 30, 2003 11:47 pm
Location:Texas

Post by DraconPern » Mon Feb 16, 2004 4:45 pm

Just to answer your question on security, because I know everyone is wondering about it.

FrontMotion Login does not use IE to use Flash; Flash is being called directly (as an ActiveX control in an Apartment threading model). This means that a bug in IE will not affect the login; only a bug in Flash will affect the security (Macromedia is pretty good at patching buffer overflow bugs, etc.). You can in fact install the Flash plugin without using IE with a redistributable license from Macromedia. I have already obtained the license to do so and am looking at integrating the Flash plugin in future installs of FrontMotion Login.

Now, there are other security issues which are inherent to an OS component such as FrontMotion Login. The central issue is that as an integral part of the OS, the component is in a sense 'trusted by default' (after all, it is these components that enforce the security of the system). Inside FrontMotion Login security is enforced, and Flash by itself does not take any subversive action unless directed by the swf movie file. Flash files cannot be hacked to 'go around' the login security, e.g., they still won't be able to log in without a password. However, the swf file can take subversive actions that do not involve logins. For example, a bad swf file can send what the user typed in, like their password, to another computer using an HTTP post. This obviously will eventually lead to a security problem down the road.

Now, the only way that a malicious swf can be used is if a user with admin access specifies that the swf is to be used. That security is enforced through the registry key (only Administrators have write access to the LocalMachine key), and directory security (only Administrators and PowerUsers can write to the system32 and subdirectories).

In the end it boils down to making sure you only run swf files that do not have malicious code and treat them just like other software that you will run on the computer.
FrontMotion Lead Developer

DELETED

Post by DELETED » Mon Feb 16, 2004 6:26 pm

DELETED

DELETED

Post by DELETED » Mon Feb 16, 2004 7:29 pm

DELETED

zman

web

Post by zman » Mon Feb 16, 2004 8:40 pm

The web connection is one of the coolest features. I have the login I'm working on showing the weather in my home town and I'm gonna have it show some other crap. I'd say everyone should include the .fla file in any theme that they post; that way you can check the Flash code before using it.
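
An added example, not part of any post in this thread and not FrontMotion's code: when a theme ships without its .fla, the compiled .swf can still be checked for the kind of outbound request described earlier in the thread. This Python script walks the SWF tag stream and reports the ActionScript 1/2 GetURL and GetURL2 actions in frame and sprite scripts; the function names and the sample movie are constructed for illustration.

```python
import struct
import zlib

# Tag codes from the SWF file format specification.
DO_ACTION, DEFINE_SPRITE, DO_INIT_ACTION = 12, 39, 59

def _actions(buf):  # yields (name, url) per network action in one AVM1 action list
    i = 0
    while i < len(buf) and buf[i] != 0:  # 0x00 = ActionEnd
        code, body, i = buf[i], b"", i + 1
        if code >= 0x80:  # actions >= 0x80 carry a u16 payload length
            n = struct.unpack_from("<H", buf, i)[0]
            body, i = buf[i + 2:i + 2 + n], i + 2 + n
        if code == 0x83:  # GetURL: URL then target, both NUL-terminated
            yield "GetURL", body.split(b"\0")[0].decode("latin-1")
        elif code == 0x9A:  # GetURL2: URL comes from the stack, not a literal
            yield "GetURL2", "<computed at runtime>"

def _tags(buf):  # yields (code, body) per tag, descending into DefineSprite
    i = 0
    while i + 2 <= len(buf):
        hdr = struct.unpack_from("<H", buf, i)[0]
        code, n, i = hdr >> 6, hdr & 0x3F, i + 2
        if n == 0x3F:  # long header: u32 length follows
            n, i = struct.unpack_from("<I", buf, i)[0], i + 4
        body, i = buf[i:i + n], i + n
        yield code, body
        if code == DEFINE_SPRITE:  # sprite id + frame count, then nested tags
            yield from _tags(body[4:])

def find_network_actions(swf):
    """Return [(action, url)] for an 'FWS' or zlib-compressed 'CWS' movie."""
    if swf[:3] not in (b"FWS", b"CWS"):
        raise ValueError("not a SWF file")
    body = zlib.decompress(swf[8:]) if swf[:3] == b"CWS" else swf[8:]
    start = (5 + 4 * (body[0] >> 3) + 7) // 8 + 4  # skip RECT, frame rate, frame count
    hits = []
    for code, tag in _tags(body[start:]):
        if code in (DO_ACTION, DO_INIT_ACTION):  # DoInitAction starts with a sprite id
            hits += _actions(tag[2:] if code == DO_INIT_ACTION else tag)
    return hits

def sample_movie(url):
    """Constructed test input: a one-frame movie whose only script is GetURL(url)."""
    arg = url.encode() + b"\0_self\0"
    acts = b"\x83" + struct.pack("<H", len(arg)) + arg + b"\0"
    tag = struct.pack("<HI", (DO_ACTION << 6) | 0x3F, len(acts)) + acts
    body = b"\0" + struct.pack("<HH", 12 << 8, 1) + tag + b"\0\0"
    return b"FWS\x06" + struct.pack("<I", 8 + len(body)) + body
```

Treat any hit, or any exception on a malformed file, as a reason to hold the theme back for review. An empty result does not clear a file: button scripts are not walked, and LoadVars or XML objects make requests through method calls that this check does not flag.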

DELETED

Post by DELETED » Tue Feb 17, 2004 2:57 am

DELETED

Guest

Post by Guest » Tue Feb 17, 2004 3:31 am

:oops: Wasn't thinking corporate.
