Trying to compile data on security for DCR - want feedback 2003-11-25 - By Barry Swan
While I'm having fun on this security thing, I thought it might make sense if we all combined our ideas etc into a reference document for future use, and also to make sure that we can come up with a system as secure as possible.
I'll compile all we've talked about recently and in the past on this list, and keep it public, so any mistakes or omissions can be added.
Obviously the idea is to come up with methods that make hackers' lives difficult, as well as possibly discuss the various issues surrounding online security for us.
So far, doing a quick draft, I've got the following topics:
Methods of hacking
- Memory watchers
- File readers
- Using Director
- Sending falsified data

Preventing your DCR being run on other websites
- Linking to DCR on your site
- Hosting the DCR on their site
- Framing your DCR
- IFraming your DCR

Preventing your DCR being run locally
- As a DCR
- As a MIAW
- As an LDM

Protecting scripts
- Masking routines
- Masking properties
- Obfuscating member names
- Obfuscating code

Protecting variables
- Duplication
- Checksums
- Obfuscation

Sending / receiving data
- Encryption
- Encoding
If anyone has anything I've missed, let me know. Once it's got some content I'll stick it online and update it with people's feedback.
Barry
gerbil@(protected)

Dir3d-l mailing list
Dir3d-l@(protected)
http://nuttybar.drama.uga.edu/mailman/listinfo/dir3d-l