My company is releasing its first external-facing Flex application; it is used by our clients to update various types of information. Yes, someone could create an application to simulate the Flex app, so here are the two things to do:
 
1) run the app under HTTPS - to encrypt all traffic
2) use the role-based security provided by your J2EE server
 
With #2, this means that before any incoming traffic is accepted by Flex, the user will have to be authenticated, and if they are not, the call is rejected.
 
This is the same for RPC or using FDS.
 
Hope that helps.
 
Dimitrios Gianninas
RIA Developer
Optimal Payments Inc.
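The two server-side checks Dimitrios lists, written out as an added example (this is illustrative code, not code from the original message or from any Flex/FDS product). It assumes a J2EE servlet container with container-managed authentication configured in web.xml, a filter mapped to the remoting endpoint (the `/messagebroker/*` path and the `client` role name are assumptions), and a service whose `Principal` argument is whatever the server hands you for the authenticated caller (for example `HttpServletRequest.getUserPrincipal()`). The service method also shows the check that role-based security alone does not give you: a caller who knows or guesses a record key is still refused unless the authenticated principal owns that record.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Filter mapped in web.xml to the endpoint the Flex client talks to
 * (assumed: /messagebroker/*). Because it runs on the server, a hand-written
 * program that imitates the Flex client is subject to exactly the same checks.
 */
public class RemotingGuardFilter implements Filter {
    private static final String REQUIRED_ROLE = "client"; // assumed role name

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // 1) Only accept traffic that arrived over HTTPS.
        if (!request.isSecure()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        // 2) The container must already have authenticated the caller
        //    (login-config / realm in web.xml); otherwise reject the call.
        if (request.getUserPrincipal() == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login required");
            return;
        }
        // 2b) ...and the caller must hold the role this endpoint requires.
        if (!request.isUserInRole(REQUIRED_ROLE)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Missing role: " + REQUIRED_ROLE);
            return;
        }
        chain.doFilter(req, res);
    }
}

/**
 * Service the Flex client would invoke (e.g. through RemoteObject). Even with
 * the filter in place, a guessed record key is not enough: ownership is checked
 * against the authenticated principal, never against anything the client sends.
 */
class AccountService {
    // Constructed in-memory store: record key -> owning user name.
    private final Map<String, String> owners = new HashMap<String, String>();
    private final Map<String, String> emails = new HashMap<String, String>();

    AccountService() {
        owners.put("acct-1001", "alice");
        owners.put("acct-1002", "bob");
    }

    /** Returns true only when caller owns recordId; otherwise nothing is changed. */
    boolean updateEmail(Principal caller, String recordId, String newEmail) {
        if (caller == null) {
            return false; // should never happen behind the filter, but do not rely on it
        }
        String owner = owners.get(recordId);
        if (owner == null || !owner.equals(caller.getName())) {
            return false; // unknown key, or a key belonging to someone else
        }
        emails.put(recordId, newEmail);
        return true;
    }

    String emailOf(String recordId) {
        return emails.get(recordId);
    }
}
```

The filter answers the "fake client" question: identity comes from the container's authentication, so it does not matter what the client program looks like. The `updateEmail` check is the part that keeps client-side business logic safe to have: the client may decide what to send, but the server decides whether the caller is allowed to touch that record.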
 


From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of hank williams
Sent: Monday, August 07, 2006 8:00 AM
To: flexcoders@yahoogroups.com
Subject: [flexcoders] Security Question

I am curious about the security issues associated with sending
commands from flex to a remote database.

As I write code to send commands to the server, I am wondering how
secure it is to do so. In other words, if I want to send a command to
the server to update a field in the database, how easy is it for
someone else to write some code to pretend to be a flash client
sending that command.

In the flash environment I had this concern, but fewer people were
doing sophisticated client side updating of data in flash. In flex,
remote data access is its primary reason for existence, and I am
wondering if there is a better security strategy. For example can one
say, If you use FDS you will be much more secure? I know that FDS
allows for encrypted communication. But that only prevents someone
from spying on a communication. But if an app pretends to be an
authorized client and knows (or guesses) the key of a record, they
could really wreak havoc.

So is it possible to write a secure application in flex (like for
banking), where there is data intelligence on the client side? Or must
flex apps that need to manipulate data be more like html apps where
they *only* handle presentation and no business logic?

Hank

--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com