On Thu, Sep 16, 2010 at 11:02 AM, Chris H <[email protected]> wrote:
> Laurence, > > Thanks a lot for the prompt reply, suggestions and wishes. > > 1. In my Flex source code, I have in various files > > <mx:RemoteObject id="myServices" > destination="ColdFusion" > source="famous.connectors.mycfcfile" > showBusyCursor="true" > fault="Alert.show(event.fault.faultString, 'Error')"> > > Do I need to change the destination to SecureColdFusion in above code or if > I make the changes I mentioned in remoting-config.xml it will be sufficient? > Sorry, if my question is naive. > The destination in your RemoteObject is where it will send all ColdFusion requests -- if that destination is named ABCXYZ123, it doesn't matter, as long as that destination exists in your remoting-config.xml file and its channel-ref is set to "my-cfamf-secure". So, whatever changes you decide to make to your .xml files, just make sure that the destination name is set the same in both your Flex program and the CF .xml files... The cool thing is -- if you want some of your CF requests to be secure, and others not to be (because secure channels are usually slower), you simply create two destinations in your remoting-config.xml file -- one that points to my-cfamf and the other one that points to my-cfamf-secure. Then set the destination in your Flex code accordingly... > > 2. Yes, I understand users have to use https://myprogram.com rather than > doing http://myprogram.com which I am doing on my development box. Is that > what you meant? > Yes, exactly. Secure calls to CF won't work unless the whole thing is secured via https: > > > 4. How do I create a secure server-cert so that I can use it on the > development machine? I looked at > http://msdn.microsoft.com/en-us/library/ms751408.aspx and but don't have > Visual Studio installed so don't have the makecert.exe. I am using IIS 5.1 > on a Win XP Professional OS. > I used WinServer 2003, with IIS 6, so I had all that stuff installed already... Unfortunately I can't help you with IIS 5.1 and Win XP... I have no experience with that... Maybe you can upgrade to IIS 6.0? I'm honestly not sure if that would even solve the problem -- all I know is my WinServer 2003 box came with IIS 6.0 installed, and had all the stuff I needed to make a cert of my own... Then I had to add it to my trusted-certs store in each of my browsers on each of the machines I use... Fun! (NOT!) > > > 5. My FlexBuilder presently in Project Properties has Flex Compiler, Root > URL as http://127.0.0.1/myprogram. After the secure cert is installed, I > have to change it to https://127.0.0.1/famous/ or would any other changes > be required in the Flex Builder, Project Properties? > All I did was change the http: to https: in mine... Didn't have to change the folder, because I was using the same folder as I did when I was working on the project without https: One last thing I should mention -- you will have to create a cross-domain policy file... crossdomain.xml It's different for each specific server that you're going to be working with, so you can't use the same one from server-to-server. (And your production server, if it's serving any other Flash-related stuff, should already have one.) So you'll have to do a bit of research to figure out how to set up your own crossdomain.xml file, if you don't already have one... If you don't have a crossdomain.xml file in the root of your web-server, Flash Player will refuse to load secure content, in most cases... Or it will constantly give you "Do you trust this site?" messages... Either way, not good. So lookup crossdomain.xml and start reading. :-) L.
