I am curious about the security issues associated with sending commands from flex to a remote database.
As I write code to send commands to the server, I am wondering how secure it is to do so. In other words. If I want to send a command to the server to update a field in the database, how easy is it form someone else to write some code to pretend to be a flash client sending that command. In the flash environment I had this concern, but fewer people were doing sophisiticated client side updating of data in flash. In flex, remote data access is its primary reason for existence, and I am wondering if there is a better security strategy. For example can one say, If you use FDS you will be much more secure? I know that FDS allows for encrypted communication. But that only prevents someone from spying on a communication. But if an app pretends to be an authorized client and knows (or guesses) the key of a record, they could really wreak havoc. So is it possible to write a secure application in flex (like for banking), where there is data intelligence on the client side. Or must flex apps that need to manipulate data be more like html apps where they *only* handle presentation and no business logic? Hank -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
