@_@ On Tue, Oct 14, 2008 at 3:06 AM, [EMAIL PROTECTED] < [EMAIL PROTECTED]> wrote:
> Hello~nameless hero~~ > > Today I talked about the security of flex with my mates, there are the > problems and our solutions. > > If there are any faults, please poin it out~ thanks~! > > problem: > If someone decodes our .swf file from the Temp Memory folder. The > BlazeDS's destinations and the Java's method will be exposaled. The > source property of BlazeDS's destination could be catched by doing > somting.The key information of our services-config.xml and remoting- > config.xml might be got by someone. Then he could use that invoke our > Java's method in a new flex project. It sonds unbelievable, but it > maybe, right? > > solutions: > Our solution is to return a unique authentication code to the user > which have loged on. Then if anybody want to invoke some key method , > he must input the unique authentication code. The unique > authentication is saved in database. Everytime user input the right > uinique authentication code, he will get a new unique authentication > code. So that, the method is safe. > > If fact, I want to use BlazeDS to keep the data safe, but it seems > unnecessary. I could only keep some key methods safe. Any better > solution about this? please replay my post~ > > Thanks for your time!! > > mani. > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Flex India Community" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/flex_india?hl=en -~----------~----~----~----~------~----~------~--~---
