On 8/7/06, Dimitrios Gianninas <[EMAIL PROTECTED]> wrote:
I sort of assumed both of these, and in the flash version of my apps I do something similar. But particularly with #2 using J2EE security really requires expertise outside the scope of what is described and documented for Flex or FDS. So this really means that out of the box, Flex and particularly FDS is not secure since there are no API's to facilitate this. It would seem to me that support for security would be built into FDS. Interestingly though there is very little (at least as far as I have seen) discussion about this. It just seems that every Flex application is wearing a giant "Hack Me" sticker on its forehead.
Regards
Hank
My company is releasing its first external facing Flex application it is used by our clients to updates various types of information. Yes someone could create an application to simulate the Flex app, so here are the two things to do:1) run the app under HTTPS - to encrypt all traffic2) use the role-based security provided by your J2EE server
With #2, this means that before any incoming traffic is accepted by flex, the user will have to be authenticated and if it is not, the call is rejected.This is the same for RPC or using FDS.
I sort of assumed both of these, and in the flash version of my apps I do something similar. But particularly with #2 using J2EE security really requires expertise outside the scope of what is described and documented for Flex or FDS. So this really means that out of the box, Flex and particularly FDS is not secure since there are no API's to facilitate this. It would seem to me that support for security would be built into FDS. Interestingly though there is very little (at least as far as I have seen) discussion about this. It just seems that every Flex application is wearing a giant "Hack Me" sticker on its forehead.
Regards
Hank
__._,_.___
--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com
SPONSORED LINKS
| Web site design development | Computer software development | Software design and development |
| Macromedia flex | Software development best practice |
YAHOO! GROUPS LINKS
- Visit your group "flexcoders" on the web.
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
__,_._,___
