flash security swfobject externalinterface view-source

Is there any way to hide the variables that are being passed to Flash by swfobject when someone views source?


I have some Flash SWFs that are embedded using swfobject and I pass them some vars like user id. How do I prevent people from reading these vars? If someone views the source of the PHP page that embeds the SWFs they can see all the variables that are being passed to Flash. Is there a way to hide these vars? What other ways are there to do this? I have thought about setting up an ExternalInterface and calling a JavaScript function to pass the vars to Flash - would this effectively hide the data I am sending?

thanks


Solution

  • You cannot actually hide the data. You can only make it harder to find. Using Firebug or similar tools, people will always find out, since they can look at what your JS does, and at the data your app sends. The best you can do is to add some encryption, but using a decompiler, one can easily extract the decryption mechanism from the SWF.

    If you described the general problem (what kind of data is being sent and why/against what you want it protected), maybe I could provide more specific ideas.

    Edit: this seems like a serious security flaw to me. A restricted service should only grant access to properly authenticated users. The Flash client should never pass its user ID. Instead, a session (as created by a login) should be associated with a user, thus permitting identification. So your client will never even know of its user ID. It will just send a request and the PHP session will make it possible to find out this user ID and provide the corresponding data.
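The session-based identification described in the answer's edit, as an added example that is not code from the original post: a lookup that trusts a client-sent id beside one that reads the id only from the server-side session. The function names, the `user_id` session key and the `PROFILES` sample data are assumptions made for illustration.

```php
<?php
// Added example, not from the original answer. All names are hypothetical.

// Constructed sample data standing in for a database table.
const PROFILES = [
    17 => ['name' => 'alice', 'score' => 4200],
    42 => ['name' => 'bob',   'score' => 1300],
];

// Before: identity is whatever id the client sent (FlashVars, query
// string or POST body), so whoever edits the request chooses the record.
function profile_from_client_id(array $request): ?array
{
    $id = (int)($request['user_id'] ?? 0);
    return PROFILES[$id] ?? null;
}

// After: identity comes only from session state that the login handler
// wrote after checking credentials. $request is ignored for identity.
function profile_from_session(array $session, array $request): ?array
{
    if (!isset($session['user_id'])) {
        return null; // not logged in; the endpoint answers 401
    }
    return PROFILES[$session['user_id']] ?? null;
}

// Web entry point: the endpoint the SWF requests its data from.
if (PHP_SAPI !== 'cli') {
    session_start();
    $profile = profile_from_session($_SESSION, $_REQUEST);
    if ($profile === null) {
        http_response_code(401);
        exit;
    }
    header('Content-Type: application/json');
    echo json_encode($profile);
    exit;
}

// CLI demonstration with constructed input: the session belongs to
// user 42, while the request carries user 17's id.
$session = ['user_id' => 42];
$request = ['user_id' => '17'];
var_dump(profile_from_client_id($request)['name']);         // record chosen by the client
var_dump(profile_from_session($session, $request)['name']); // record of the session owner
var_dump(profile_from_session([], $request));               // no session, no data
```

With this shape the embedding page has no user id to expose in its source, because the SWF only requests "my data" and the server decides whose data that is.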