|
Have you checked out this article by
Brian: http://www.macromedia.com/devnet/flex/articles/security_framework.html? Matt From: Got any material on this stuff? (web.xml?
I thought it was crossdomain.xml) – I’ll have to try the
RemoteObject over SSL, haven’t tangoed with that yet. _________________________________________ Jonathan Miranda Flexible Master of the Web "Try not
to become a man of success, but a man of value." - Albert Einstein HealthGrades: Guiding NASDAQ:
HGRD w
(720) 963-3832 c
(707) 761-0868 _________________________________________ The message contains confidential and/or
legally privileged information and is intended for use only by the indicated
addressee. If you are not the named addressee you should not disseminate,
distribute, or copy this e-mail. Please notify the sender immediately by e-mail
if you have received this e-mail by mistake and delete this e-mail from your
system. E-mail transmissions cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost, destroyed,arrive late or
incomplete, or contain viruses. The sender therefore does not accept liability
for any errors or omissions in the contents of this message which arise as a
result of e-mail transmission. If verification is required please request a
hard-copy version. From: RemoteObject can be secured a few
ways. You can protect the channel itself which allows access to that
object (basically equivalent to locking down the gateway in web.xml). You
can also restrict by role the users who are allowed to access the service, that
is integrated into your J2EE server or via a custom login adapter. You
can make RemoteObject calls over SSL just fine. Matt From: With a background in Flash Remoting, I understand quite a
bit about Flash Remoting but wanted to ask what the different approaches to
securing a RemoteObject call are? Crossdomain.xml still have any effect on the
SWF’s allowed domain pool – what about going over SSL with Flex
Enterprise calls? I guess I’m looking or a mini article on security with
these calls – just double checking my approach before I find out later I
was mistaken J _________________________________________ Jonathan Miranda Flexible Master of
the Web "Try not to become a
man of success, but a man of value." - Albert Einstein HealthGrades:
Guiding NASDAQ: HGRD w (720) 963-3832 c (707) 761-0868 _________________________________________ The message contains confidential and/or legally privileged
information and is intended for use only by the indicated addressee. If
you are not the named addressee you should not disseminate, distribute, or copy
this e-mail. Please notify the sender immediately by e-mail if you have
received this e-mail by mistake and delete this e-mail from your system. E-mail
transmissions cannot be guaranteed to be secure or error-free as information
could be intercepted, corrupted, lost, destroyed,arrive late or incomplete, or
contain viruses. The sender therefore does not accept liability for any errors
or omissions in the contents of this message which arise as a result of e-mail
transmission. If verification is required please request a hard-copy version.
|
