Encrypting a sensitive parameter in an SWF embed statement

Question

Hi,

Just looking for some advice/leads on "best practices" for protecting a sensitive id (personally identifiable information)...

I've got a Java-based webapp (JSPs, Servlets, etc) that is going to need to embed a SWF file running on a trusted 3rd party site.

As part of embedding the SWF file, I'm going to need to pass a parameter in the block containing the currently logged in customer's ID.

Question: knowing that I have a Java stack and not really knowing (or caring) what technology stack the SWF hoster has, what's the best way of encrypting that customerID such that someone who views source and starts trying to change the customer ID parameter can't suddenly get a SWF that's not related to them?

Answer 1

You could use the crypto library on Google Code

You would need to use a 2 way encryption algorithm, and have the key stored in the swf. This is not secure though. Anyone who decrypts the swf would be able to access the key and encrypt a different user id to try.

I have used DES and 3DES for similar security measures.