I'm working on a Flash-based font viewer for a font retailer website. I've been reading up on SWF decompilers, and I was wondering, can decompilers grab fonts embedded in a SWF and output them in some sort of reusable format?
I might also be embedding the fonts in external SWFs, possibly hosted on a HTTPS server. Would that be a feasible way of protecting the fonts from decompiling?
(I've got a copy of the Sothink Decompiler lying around and I was meaning to put all this to the test, but unfortunately the trial period's ended.)
Thanks for your help!
Andrey
You cannot protect any information or data that is required to be present in the client. If the browser can use it, it can be extracted. Encryption can provide an additional layer that must be removed by an attacker, but in the end, the browser must be able to decrypt the information, and therefor an attacker can emulate what the browser does and get the data that way.
A solution to this problem would be rendering the font on a server and fetching the result (e.g. an image-file) with Flash. This way you can leave the font-data on the server and still display the output. I don't know if this is possible in your architecture, but this seems to be the secure way to do this.