On 20/02/2012 20:50, David Arno wrote:
From: Paul Evans [mailto:paulev...@creative-cognition.co.uk]
Sent: 20 February 2012 10:20
From previous discussion, Alex raised concern of potential exposure to a
man-in-the-middle attack - unless we find a way of getting them signed.
Do they really need signing? If we generate MD5 hashes for the SDK SWCs,
then the loader could check those hashes on load. Would that not be secure
enough, or is there a flaw in that idea?
David.
The flash player caches the signed RSL's differently. [1]
[1] http://livedocs.adobe.com/flex/3/html/help.html?content=rsl_09.html
yours
Martin.
