Hello~nameless hero~~ Today I talked about the security of flex with my mates, there are the problems and our solutions.
If there are any faults, please poin it out~ thanks~! problem: If someone decodes our .swf file from the Temp Memory folder. The BlazeDS's destinations and the Java's method will be exposaled. The source property of BlazeDS's destination could be catched by doing somting.The key information of our services-config.xml and remoting- config.xml might be got by someone. Then he could use that invoke our Java's method in a new flex project. It sonds unbelievable, but it maybe, right? solutions: Our solution is to return a unique authentication code to the user which have loged on. Then if anybody want to invoke some key method , he must input the unique authentication code. The unique authentication is saved in database. Everytime user input the right uinique authentication code, he will get a new unique authentication code. So that, the method is safe. If fact, I want to use BlazeDS to keep the data safe, but it seems unnecessary. I could only keep some key methods safe. Any better solution about this? please replay my post~ Thanks for your time!! mani. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Flex India Community" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/flex_india?hl=en -~----------~----~----~----~------~----~------~--~---
