Darren, Flex inherits the HTTP session that the page which contained the EMBED tag acquired. Dont forget that HTTP/HTML is entirely stateless and yet we can easily secure those. The theory is identical with Flex.
-- Dave Wolf Cynergy Systems, Inc. Adobe Flex Alliance Partner http://www.cynergysystems.com http://www.cynergysystems.com/blogs Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In [email protected], "Darren Houle" <[EMAIL PROTECTED]> wrote: > > Franck, > > I agree with you, but... how do you handle security in a stateless back-end? > I mean... how do you maintain logged-in / user session information? Or > unauthorized access of the web services by others? If Flex is *completely* > agnostic of the back-end technology then how do you securely link them > together? > > Darren > > > > > >From: "Franck de Bruijn" <[EMAIL PROTECTED]> > >Reply-To: [email protected] > >To: <[email protected]> > >Subject: RE: [flexcoders] Re: Choice of backend systems - which provides > >best functionality > >Date: Tue, 22 Aug 2006 18:03:24 +0200 > > > >Hi Barry, > > > > > > > >I'm not sure if I can be of much help here. I'm not into PHP, I'm not into > >FDS and remoting and the AMF protocol that is related to it. For me, but > >that is totally a personal opinion, the only acceptable solution for > >communication with a back-end is webservices, and nothing else. Briefly > >here > >are my reasons: > > > >* The coolest thing about Flex is not the graphics ... but that you > >can make your server stateless, meaning that you obtain 100% fail-over > >characteristics including linear scalability. With FDS (or any other > >related > >solution) you highly likely lose this `feature' and my guess is that > >scalability will be tougher to achieve; for sure it is harder to guarantee > >... with a stateless server solution you can. And we always want to grow > >with our applications, don't we??? > >* I like to keep my Flex layer totally independent of my back-end > >layer. My back-end layer should not be aware by any means of the client > >technology. With webservices you realize this. With FDS (or any other > >related solution) you get a vendor lock-in, which I consider undesirable. > >* The trend in my business is that more and more you get projects only > >for a front-end or back-end solution. In the past it occurred more that you > >had to build them together, but that is changing. It's very acceptable to > >request a back-end to expose its operations through webservices. It's not > >very accetable to request them to expose it via FDS or something like that. > > > > > > > >To be fair, there are some disadvantages using web services as well; among > >others: > > > >* No automatic conversion of the web service results into your custom > >action script classes. You have to make converters yourself to accomplish > >this. With FDS/AMF I understand you can have this conversion automatically > >done for you. > >* Performance. People tend to say that webservices are slow. It's true > >that the serialization/deserialization of the XML (both on client and > >server) side takes computing time. My experiences so far are that this > >extra > >computing time is not causing any serious damage in the user experience. > >* Flex has some trouble communicating with DOC/Literal encoded > >webservices. Especially in the .Net corner this is causing problems. But > >that should be temporarily ... The adobe guys are working on it and > >hopefully in a next release these issues will be fixed. > > > > > > > >For me the advantages of webservices by far outweigh the disadvantages. So > >if you ask me: use webservices! You keep your freedom ... > > > > > > > >Cheers, > > > >Franck > > > > > > > > > > > > _____ > > > >From: [email protected] [mailto:[EMAIL PROTECTED] On > >Behalf Of barry.beattie > >Sent: Tuesday, August 22, 2006 9:50 AM > >To: [email protected] > >Subject: [flexcoders] Re: Choice of backend systems - which provides best > >functionality > > > > > > > >Franck and Doug: may I be so bold as to include here some information > >I sent to our programming team for them to have some context? > > > >I offer it here as a talking point only - and would invite any > >comments or corrections to help me gain a better understanding myself > >... this has just been gathered by my own ad-hoc investigations. the > >context of the email was a report that Adobe were seriously targeting > >PHP developers for Flex. > > > >------------------------------------ > >regarding Flash remoting: some background to put it into context: > > > >there are three basic ways of getting communication happening between > >a SWF (now-a-days built with Flex) and server-side code: > > > >webservices > >XML HTTP requests > >Flash Remoting (using the Async Message Format - AMF) > > > >PHPAMF (Flash remoting with PHP) is not a Macromedia/Adobe product. It > >was reverse engineered by the PHP community to use Flash remoting. > >It's been around for a few years (that I know of) and may be even more > >popular than CF-AMF (don't know for sure) > > > >here's the important bit: > > > >PHPAMF, OpenAMF, the Adobe .NET/ Java remoting add-in and ColdFusion > >6.1 remoting all use the AMF0 protocol. ColdFusion 7.02 and > >FlexDataServices (Java) all use AMF3 > > > >What's the diff? 2 things: > >Apart from some removal of dumb stuff-ups and a reduction of data > >packet size (thanx to new encoding), AMF3 is very strongly typed which > >allows a seamless (and easy) mapping/conversion between server side > >objects (eg: Java value objects and ColdFusion's CFC's). This is why > >FlexBuilder can have a simple wizard to take your CFC and create > >Actionscript classes from it (and/or visa-versa). Before it was all > >manual with a tonne of testing (eg string to numeric conversions, etc). > > > >[NOTE: the follow paragraph is total speculation] > > > >Also, inside the latest Flash player (Flash9) there are actually 2 > >players. An older for backwards compatability and the latest "hot-rod" > >that has had some amazing improvements in functionality and speed. > >Expect to see the use for the older player depricated in less than 5 > >years (the new player in Flash9 is like starting again). AMF0 is for > >the older player, AMF3 for the newer. > > > >Will Adobe release their own PHPAMF using AMF3? I'm not sure, since > >they aren't bothering to upgrade the .NET/ Java remoting add-in (I've > >checked). But if they do, you can be assured that they will charge > >well for it - just like the .NET/ Java remoting add-in (almost as much > >as a CF licence). > > > >Will the PHP community re-engineer their remoting for AMF3? Quite > >possibly. they're smart people. But I haven't herd anything yet.... > > > >my gut feeling? Adobe will try and push remoting onto everyone so they > >can take up Flex 2 and buy Flexbuilder. they'll have to support it > >somehow. see the note below about WebOrb... > > > >ADDENDIUM > > > >I have deliberatly not mentioned 2 products: > > > >WebOrb, a pricey but full featured product that is an alternative to > >FlexDataServices (and runs AMF3) for .NET and Java - and - (comming > >soon) PHP and Ruby! (http://www.themidni > ><http://www.themidnightcoders.com/index.htm> ghtcoders.com/index.htm) > >Fluorine, an open source project for Flash (AMF3) and .NET > >(http://fluorine. <http://fluorine.thesilentgroup.com/fluorine/index.html> > >thesilentgroup.com/fluorine/index.html) > > > > > > > -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
