Is it possible to change the value of a variable in a compiled SWF (using as3) via a servlet (say on a per session basis) before return the modified SWF back to the client. I notice there are a few command line utils as Open Source, but these seem to focus on AS2. Is this possible with AS3 code? What libs are available do this from java ? (ie. basically editing the resultant pcode in the unbundled SWF and then repackaging it).
Ideally would like to embed in the main swf a per session token (without using flash vars) that can then be used to authenticate the request. The goal is to use this say as one more step in XSS support (when combined with the cross domain permission files). Flash vars is still in the DOM, but this would allow only the loader to know the value of the key (very hard for java script) and we can lock down flash pretty well not to expose the value to any loaded swfs, and cross domain files can limit any reading of xml files back on the originating server only by the original swf (only one from that domain).