You can set protocol=”https”
on the RemoteObject tag and it will use the gateway in amf-https-gateway from
flex-config.xml. That setting might need to be hardcoded into a real url
instead of {context.root} since {context.root} will use the insecure port if
the SWF is served insecurely.
Gotta admit I don’t remember howthe
gateway will react when the certificate expires. You may be able to
adjust the settings on your browser to allow the certificate through by default
and the Player will respect it.
Matt
From: Battershall,
Jeff [mailto:[EMAIL PROTECTED]
Sent: Friday, February 25, 2005
8:29 AM
To: [email protected]
Subject: [flexcoders] Flash
Remoting Encryption Strategies
Hi,
In the Flex app I'm building, I'm going to need to
encrypt the AMF
packets going back and forth. I've gota
couple of questions about
this, and I'm hoping someone has evolved some best
practices regarding
this.
1) Must the entire page containing the Flashmovie
be encrypted? If so,
how does this effect the performance of the movie
instantiation? I know
the HTML wrapper will be encrypted but what about
the embedded movie? I
imagine that encrypting the page would not be
enough - I would need to
encrypt the Flash Remoting calls in additionto
the page that contains
the movie.
2) Depending on #1, couldn't I just encrypt the
Flash Remoting calls?
That would seem to be the most important item to
be encrypted.
3) If I install a trial SSL cert on my dev machine,
and it expires, how
does this affect my encrypted Flash Remoting
calls? I know what happens
on a live site - you get a security warning - what
about with Remoting -
does it still work or am I going to have to ante
up for dev/staging SSL
certs in addition to my production server?
Jeff Battershall
Application Development Consultant
Dow Jones Indexes
[EMAIL PROTECTED]
(609) 520-5637 (p)
(484) 477-9900 (c)
