Here is a scenario:
I am embedding form.swf in http://somesite.com/page.html. The SWF is loaded from https://mysite.com/form.swf and submits to https://mysite.com/secureform.php.
So, is the transmission to the server secure?
+2
A:
It depends what you mean by secure. I think you are asking whether the submitted data is secure, and the answer is that if you are using HTTPS, it is.
HTTPS on the SWF ensures just that the Flash object cannot be maliciously modified between the server and the client.
MattJ
2009-03-16 21:59:21
+1
A:
Yeah, you are going to have to elaborate on what you mean by 'secure'. HTTPS just provides transport security (in most cases). It doesn't provide end-point security. That is to say, there is no way to guarantee that either end of the connection is secure, just that the transport is (mostly) secure. If either end point has been hacked many kinds of attacks can occur through altered SSL certificates. So you can't trust the client data. I will assume for now you can trust the server data (or you are in real trouble :-)).
Jotham
2009-03-16 22:10:08
To clarify, that's all that I meant - security of transmission from the SWF to the server :)
Allan
2009-03-16 22:13:35