You can use the Base64Encoder class to encrypt your passwords within
flex then pass via your HTTPService. If you don't have flex
builder, I can help with the API of that class. Otherwise there's
also the corelib.swc - I don't know where I got it from though,
probably google it to find it...
Nathan, thanks for the reply
I've found in Google that AS3 is able to encode data through Base64. It's
good because my JSP web-service can easily decode it.
But somethings are still obscure to me.
1) Is Base64 secure?
2) What's the standard model of authentication in RIA? I mean.. I figure out
1) Is Base64 secure?
[Pete] No. You need to use HTTPS for the actual transmission in order
for it to be secure. Base64 is merely a way to obfuscate strings to make
them not immediately human readable, i.e. in server logs etc.
2) What's the standard model of authentication in RIA? I mean.. I
Authentication is a very tricky topic in my mind. I have found that
it's better to put you authentication step right in the RIA app itself
and not have it a separate login page.
If you insist that your login page is outside of the app then I would
suggest using a token or perhaps Acegi. The
Pete, thanks for your reply
Good to know about Base64. I'm gonna take a look now at how to lock the
resources configuring the web.xml
On 05 Apr 2007 07:22:51 -0700, Peter Farland [EMAIL PROTECTED] wrote:
1) Is Base64 secure?
[Pete] No. You need to use HTTPS for the actual transmission in
Pretty sure you dont need to use FDS to use AMF (Remoting).
This would of course be cake if you were using Coldfusion :)
No idea how to do it though for JSPs, maybe someone can shed some
light on that for us. HTTP is so slow and well slow. :)
--- In flexcoders@yahoogroups.com, André Rodrigues
Paul, thanks for you reply
I didn't quite understand what you mean by embeding authentication wihin the
Flex program. There's no way I can escape from some kind of web-service.
Unless I agree to recompile the application every-time some user information
changes (see that this topic is all about
Thanks Josh.. I knew about couldfusion and AMF I just didn't mentioned it :)
In my case I have to use HTTP based XML-RPC using JSP/Tomcat back-end. HTTP
is slow in fact, but is a standard.
On 05 Apr 2007 09:28:55 -0700, gotjosh819i [EMAIL PROTECTED]
wrote:
Pretty sure you dont need to use
] Re: User authentication
Paul, thanks for you reply
I didn't quite understand what you mean by embeding authentication wihin the
Flex program. There's no way I can escape from some kind of web-service. Unless
I agree to recompile the application every-time some user information changes
(see
You don't need to bother with HTTPS or encryption if you use a
challenge-response methodology. For that simple Hashing will do (AS3
corelib has a SHA256 implementation among others). Servers sends random
text challenge to client. Client responds back with hashed combo of random
text and the
]
To: flexcoders@yahoogroups.com
Sent: Thursday, April 5, 2007 12:20:37 PM
Subject: RE: [flexcoders] Re: User authentication
You don't need to bother with HTTPS or encryption if you use a
challenge-response methodology. For that simple Hashing will do (AS3
corelib has a SHA256 implementation among
to weaken the usefulness of
web based service providers.
- Original Message
From: Samuel R. Neff [EMAIL PROTECTED]
To: flexcoders@yahoogroups.com
Sent: Thursday, April 5, 2007 12:20:37 PM
Subject: RE: [flexcoders] Re: User authentication
You don't need to bother with HTTPS or encryption
Adobe not crossed this particular
t along with having dotted the i's, so to speak.
- Original Message
From: André Rodrigues Pena [EMAIL PROTECTED]
To: flexcoders@yahoogroups.com
Sent: Thursday, April 5, 2007 1:55:11 PM
Subject: Re: [flexcoders] Re: User authentication
Guys.. I
book
Authentication - From Passwords to Public Keys - Chapter 13.6.
From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of André
Rodrigues Pena
Sent: Thursday, April 05, 2007 4:55 PM
To: flexcoders@yahoogroups.com
Subject: Re: [flexcoders] Re
Rodrigues Pena
Sent: Thursday, April 05, 2007 4:55 PM
To: flexcoders@yahoogroups.com flexcoders%40yahoogroups.com
Subject: Re: [flexcoders] Re: User authentication
Guys.. I appreciate all your help. I could realize how many possibilities
there are regarding authentication.
My question now is:
How
PROTECTED]
To: flexcoders@yahoogroups.com
Sent: Thursday, April 5, 2007 2:37:10 PM
Subject: Re: [flexcoders] Re: User authentication
Thanks again for your help Ray and Peter..
I am actually a little lost. All I want is to guarantee that the user name and
password that will go from Flex HTTPService
for
HTTPService to handle the way my tokens were being sent to the destination and
the rest (no pun intended) would take care of itself.
- Original Message
From: Tony Obermeit [EMAIL PROTECTED]
To: flexcoders@yahoogroups.com
Sent: Thursday, April 5, 2007 4:08:38 PM
Subject: [flexcoders] Re
You will, no doubt, get much better answers from others as I am
working on the same things over here. But Flex plays in your browser's
session management like anything else. In other words, it sends the
same headers the browser would send when requesting something from the
server.
If you already
18 matches
Mail list logo