----- Original Message -----
From: "Omar Fouad" <[EMAIL PROTECTED]>
To: "Flash Coders List" <[email protected]>
Sent: Saturday, January 26, 2008 9:39 PM
Subject: Re: [Flashcoders] Flash and Database Issue - Need Advice
What do you mean by "Whatever you fear about security using Flex is
equally applicable to Flash." ?
You were concerned about decompilers being used to reverse-engineer the code
and therefore compromise security. I think it's known that there are Flash
decompilers for AS1/2. I haven't heard about an AS3 decompiler yet. If you
compare Flex and Flash (CS3/AS3) vulnerability to decompilation, since both
are working with the same language I would think there's little between
them as regards susceptibility to decompilation.
If you consider other security risks, for example interception of data
en-route to a database, there are essentially three mechanisms by which that
can be done:
1) The client passes data between the client machine and a server (typically
via an HTTP request of one form or another). There's no difference between
the vulnerability of Flash or Flex in this respect since both would use the
same kind of mechanisms. Besides plain HTTP you have socket server and
proprietary formats such as AMF, but both Flash and Flex have access to
these mechanisms equally.
2) The client (Flex or Flash) can use HTTPS to encrypt the data, so there's
little difference between Flex and Flash here.
3) Unusually a Flash or Flex client could use an SQL library to directly
make calls to a remote database. In this case the security is dependent on
the safety of the database protocols used and the ability to reverse
engineer the application. The database is publicly exposed to allow the
clients access.
4) I understand that SQL server does allow direct XML socket access, thereby
enabling Flash or Flex to directly access the database. This is rather
similar to 3.
So essentially there's little to choose security-wise between Flex and Flash
CS3/AS3. The most secure model involves a good server-side component that
controls access to the database and enforces security.
In terms of a CMS application though, I think Flex wins hands down. Its
features for developing user interfaces are way ahead of Flash, particularly
with the ability to read and manipulate XML data and generate and lay out
data-driven interfaces. I know Flash now has E4X in AS3, but Flex goes
beyond that.
Paul