5
votes

We have a Flash app (AS3). This is a desktop application that runs in our own projector. No Air. The projector is written in C++. The projector gives the Flash part indirect access to the Windows API via ExternalInterface.

Now we want to let our community create plugins. Just to let them make a small animated picture with a bit of ActionScript 3.

A plugin is going to be loaded as external .swf file at runtime. And, of course, we would like our users to distribute the plugins on the net.

But, we have a security concern. What if some bad person would take advantage of the indirect access to Win API?

I have made a small test. A child .swf loaded into the program tries to call ExternalInterface methods. It turned out the child.swf was able to do this. So every .swf file loaded into our program will automatically have access to the Win API.

Downloading plugins for our program becomes as dangerous as an .exe file.

Can we forbid ExternalInterface access to the loaded .swf? If not, how would you implement a plugin system in AS3 with security in mind?

I would appreciate any tips that can help.


3 Answers

1
votes

Well, I don't know of any explicit methods in AS3. But here is what I propose:

  • Before WinAPI is accessed, let there be a callback to the main SWF to authorize the request.

  • If the request is made by the main SWF then the authorization should be a success.

  • If the child SWF makes the request, the main SWF shall deny the request.


EDIT

The child swf may not really override the main swf call. If it does, you may actually override it back from the main. Besides, isn't the externalInterface for the child, the main swf?

Either way, it would be hard for the plugin writer to know even the signature of the authentication function unless you share it.

0
votes

You need to create a new process for your swf file to implement your own sandbox. I think it would be best if you start a true AIR component (a new exe file) that will handle this swf.

0
votes

If you would ask me, I would add code in my projector to be able to tell if a loaded swf is a plugin or the main app.

Then, it would be as easy as asking the main program if it originated the externalInterface call.

An easy thing would be to encrypt the current timestamp in the swf and send it to the projector, which would then decrypt the parameter, and validate the call.

Of course, any such solution would ABSOLUTELY REQUIRE that your C++ projector and SWF be EXTREMELY well obfuscated.
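
The timestamp check suggested in the last answer, modelled as an added example (not code from the posters or their projector): it swaps encryption for an HMAC over the timestamp, a nonce and the method name, and the projector side rejects stale or replayed tokens. It is written in Python as a model of both sides; the shared key, the method names and the 5-second window are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a secret known only to the main SWF and the projector (constructed value).
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"
MAX_SKEW_SECONDS = 5      # assumed freshness window
_seen = {}                # accepted token -> its timestamp, for replay rejection


def _mac(key, ts, nonce, method):
    msg = f"{ts}|{nonce}|{method}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_token(method, now=None, key=SHARED_KEY):
    """Caller side (the main SWF in this scheme): bind time, nonce and method."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)  # lets two calls in the same second differ
    return f"{ts}:{nonce}:{_mac(key, ts, nonce, method)}"


def authorize(method, token, now=None, key=SHARED_KEY):
    """Projector side: return (allowed, reason) for one ExternalInterface call."""
    now = int(time.time() if now is None else now)
    parts = (token or "").split(":")
    if len(parts) != 3 or not (parts[0].isascii() and parts[0].isdigit()) \
            or not parts[1].isalnum():
        return False, "malformed token"
    ts, nonce, mac = parts
    expected = _mac(key, ts, nonce, method)
    # Constant-time comparison; a token minted for another method fails here.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad MAC"
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    # Forget tokens that can no longer pass the freshness check, then test replay.
    for old in [t for t, t_ts in _seen.items() if now - t_ts > MAX_SKEW_SECONDS]:
        del _seen[old]
    if token in _seen:
        return False, "replayed token"
    _seen[token] = int(ts)
    return True, "ok"
```

The check is only as strong as the secrecy of the key: a plugin that can read the key or call `make_token` inside the main SWF passes it, which is why the answer insists on obfuscation.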