> Agreed :-)....... but to piss on his parade, Flash on top of 
> J2EE with Flash Remoting is online banking safe...; I challenge 
> him to prove to me it's not (sorry couldn't resist....)

You want to be very careful when you piss on someone's parade; there might
be a headwind.

Flash, just like HTML, is as safe as you make it, when you're referring to
data integrity between client and server. Using J2EE doesn't make any
difference - you can build insecure applications just as easily with J2EE as
with any other CGI-style environment - and Flash Remoting just makes it
harder to manipulate the data (far from impossible, though, I suspect - it's
binary, but not encrypted or obfuscated, according to the curious folks
who've started examining the format).

The key is to design your application with security in mind; don't
unnecessarily rely on data from the client when you can avoid it, filter all
data from the client every time, and use SSL as appropriate to prevent third
parties from being able to see the data. If you do that, you won't have any
more problems with Flash than you would with a well-designed HTML interface.
If you don't, you'll have the same problems that you'd have with a
poorly-designed HTML interface.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
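
The advice in the message above, as an added example that is not code from the original post or its author: a server-side check for a banking transfer that behaves the same whether the request came from a Flash Remoting client or an HTML form. The field names, account format, amount format and limit are hypothetical, and the requests in `main` are constructed.

```java
import java.math.BigDecimal;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

public class TransferCheck {
    // Hypothetical formats and limit, chosen for this example only.
    private static final Pattern ACCOUNT = Pattern.compile("[0-9]{8,12}");
    private static final Pattern AMOUNT = Pattern.compile("[0-9]{1,7}(\\.[0-9]{1,2})?");
    private static final BigDecimal LIMIT = new BigDecimal("5000.00");

    /** Returns null when the request is acceptable, otherwise the reason it is refused. */
    static String check(Set<String> sessionAccounts, boolean overTls, Map<String, String> fields) {
        // SSL keeps third parties from seeing the data; refuse anything sent in the clear.
        if (!overTls) return "transport is not SSL/TLS";
        String from = fields.get("from");
        String to = fields.get("to");
        String amount = fields.get("amount");
        if (from == null || to == null || amount == null) return "missing field";
        // Ownership comes from the server-side session, never from what the client claims.
        if (!sessionAccounts.contains(from)) return "source account not owned by session user";
        // Filter every client field on every request, even if the UI already checked it.
        if (!ACCOUNT.matcher(to).matches()) return "malformed destination account";
        if (!AMOUNT.matcher(amount).matches()) return "malformed amount";
        BigDecimal value = new BigDecimal(amount);
        if (value.signum() <= 0) return "amount must be positive";
        if (value.compareTo(LIMIT) > 0) return "amount over limit";
        return null;
    }

    public static void main(String[] args) {
        Set<String> owned = Set.of("10000001"); // constructed server-side session state
        // Constructed requests: what the UI would send, then three tampered variants.
        System.out.println(check(owned, true,
                Map.of("from", "10000001", "to", "20000002", "amount", "25.00")));
        System.out.println(check(owned, true,
                Map.of("from", "30000003", "to", "20000002", "amount", "25.00")));
        System.out.println(check(owned, true,
                Map.of("from", "10000001", "to", "20000002", "amount", "-25.00")));
        System.out.println(check(owned, false,
                Map.of("from", "10000001", "to", "20000002", "amount", "25.00")));
    }
}
```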