I agree, and more documentation on this would be uber kewl. I will add though you can set your web server to accept only HTTPS requests and deny HTTP ones, provided you have such access of course.
DK On 2/7/07, Rick Root <[EMAIL PROTECTED]> wrote: > > To summarize. > > If you load an flex 2 app over HTTPS, and it accesses remote objects, they > will work fine over HTTP, unencrypted, with no problem. > > That's a major security issue if you ask me. > > The client thinks that the everything is happily secure because the > browser > toolbar tells them it is, but there's no warning whatsoever that all the > data going back and forth between Flex and the server is NOT protected, > simply rolled into AMF. > > I hope Adobe fixes that. Flex 2 apps in SSL should not be able to > communicate with non-SSL services / remote objects. > > Rick > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/Flex/message.cfm/messageid:3582 Subscription: http://www.houseoffusion.com/groups/Flex/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.37
