incubator-flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Heidegger ...@leichtgewicht.at>
Subject Re: Signed RSL from Apache
Date Mon, 20 Feb 2012 12:04:15 GMT
On 20/02/2012 20:50, David Arno wrote:
>> From: Paul Evans [mailto:paulevans@creative-cognition.co.uk]
>> Sent: 20 February 2012 10:20
>>
>>  From previous discussion, Alex raised concern of potential exposure to a
>> man-in-the-middle attack - unless we find a way of getting them signed.
> Do they really need signing? If we generate MD5 hashes for the SDK SWCs,
> then the loader could check those hashes on load. Would that not be secure
> enough, or is there a flaw in that idea?
>
> David.

The flash player caches the signed RSL's differently. [1]

[1] http://livedocs.adobe.com/flex/3/html/help.html?content=rsl_09.html

yours
Martin.

Mime
View raw message