No, no sticker! There probably is limited documentation
because:
a) there is actually not much to
configure
b) since it is based on the J2EE security model, this is
already documented with your app server
Really you just have to configure your roles in the
services-config.xml and then configure your RPC and FDS services to use these
roles.
When a remote calls comes in and no valid authenticated
session exists, the call will be rejected. So even if someone simulates this, it
will fail.
Dimitrios
Gianninas
RIA Developer
Optimal
Payments Inc.
From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of hank williams Sent: Monday, August 07, 2006 9:37 AM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Security Question
On 8/7/06, Dimitrios
Gianninas <dimitrios.gianninas
I sort of assumed both of these, and in the flash version of my apps I do something similar. But particularly with #2 using J2EE security really requires expertise outside the scope of what is described and documented for Flex or FDS. So this really means that out of the box, Flex and particularly FDS is not secure since there are no API's to facilitate this. It would seem to me that support for security would be built into FDS. Interestingly though there is very little (at least as far as I have seen) discussion about this. It just seems that every Flex application is wearing a giant "Hack Me" sticker on its forehead. Regards Hank
-- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com
SPONSORED LINKS
YAHOO! GROUPS LINKS
__,_._,___ |
- RE: [flexcoders] Security Question Dimitrios Gianninas
- Re: [flexcoders] Security Question hank williams
- [flexcoders] Re: Security Question Dave Wolf